Add next.js and dompurify vulns
eoftedal committed Sep 19, 2024
1 parent 03ba5c5 commit e35835a
Showing 5 changed files with 438 additions and 0 deletions.
54 changes: 54 additions & 0 deletions repository/jsrepository-master.json
@@ -3174,6 +3174,33 @@
"bowername": ["dompurify", "DOMPurify"],
"npmname": "dompurify",
"vulnerabilities": [
{
"ranges": [
{
"atOrAbove": "0",
"below": "2.5.4"
},
{
"atOrAbove": "3.0.0",
"below": "3.1.3"
}
],
"summary": "DOMPurify allows tampering by prototype pollution",
"cwe": ["CWE-1321", "CWE-1333"],
"severity": "high",
"identifiers": {
"CVE": ["CVE-2024-45801"],
"githubID": "GHSA-mmhx-hmjr-r674"
},
"info": [
"https://github.com/advisories/GHSA-mmhx-hmjr-r674",
"https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674",
"https://nvd.nist.gov/vuln/detail/CVE-2024-45801",
"https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21",
"https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
"https://github.com/cure53/DOMPurify"
]
},
{
"ranges": [
{
@@ -5044,6 +5071,33 @@
"nextjs": {
"npmname": "next",
"vulnerabilities": [
{
"ranges": [
{
"atOrAbove": "13.5.1",
"below": "13.5.7"
},
{
"atOrAbove": "14.0.0",
"below": "14.2.10"
}
],
"summary": "Next.js Cache Poisoning",
"cwe": ["CWE-349", "CWE-639"],
"severity": "high",
"identifiers": {
"CVE": ["CVE-2024-46982"],
"githubID": "GHSA-gp8f-8m3g-qvj9"
},
"info": [
"https://github.com/advisories/GHSA-gp8f-8m3g-qvj9",
"https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9",
"https://nvd.nist.gov/vuln/detail/CVE-2024-46982",
"https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3",
"https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda",
"https://github.com/vercel/next.js"
]
},
{
"ranges": [
{
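Review bot: The `cwe` list on the new DOMPurify entry in the first hunk pairs CWE-1321 (prototype pollution) with CWE-1333 (inefficient regular expression complexity), and the second does not fit the summary `DOMPurify allows tampering by prototype pollution`. Consumers that group or filter findings by CWE would also report this entry as a regular-expression denial-of-service issue. If CWE-1333 is carried over from the upstream advisory it may be worth keeping for traceability; otherwise the line would read `"cwe": ["CWE-1321"],`. The same pair is repeated in both expanded DOMPurify entries in the jsrepository-v2.json and jsrepository-v3.json sections. The enclosing `vulnerabilities` array starts and ends outside the hunk.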
96 changes: 96 additions & 0 deletions repository/jsrepository-v2.json
@@ -4467,6 +4467,54 @@
"info": [
"https://github.com/cure53/DOMPurify/releases"
]
},
{
"atOrAbove": "0",
"below": "2.5.4",
"cwe": [
"CWE-1321",
"CWE-1333"
],
"severity": "high",
"identifiers": {
"summary": "DOMPurify allows tampering by prototype pollution",
"CVE": [
"CVE-2024-45801"
],
"githubID": "GHSA-mmhx-hmjr-r674"
},
"info": [
"https://github.com/advisories/GHSA-mmhx-hmjr-r674",
"https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674",
"https://nvd.nist.gov/vuln/detail/CVE-2024-45801",
"https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21",
"https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
"https://github.com/cure53/DOMPurify"
]
},
{
"atOrAbove": "3.0.0",
"below": "3.1.3",
"cwe": [
"CWE-1321",
"CWE-1333"
],
"severity": "high",
"identifiers": {
"summary": "DOMPurify allows tampering by prototype pollution",
"CVE": [
"CVE-2024-45801"
],
"githubID": "GHSA-mmhx-hmjr-r674"
},
"info": [
"https://github.com/advisories/GHSA-mmhx-hmjr-r674",
"https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674",
"https://nvd.nist.gov/vuln/detail/CVE-2024-45801",
"https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21",
"https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
"https://github.com/cure53/DOMPurify"
]
}
],
"extractors": {
@@ -6777,6 +6825,30 @@
"https://github.com/vercel/next.js/compare/v13.5.0...v13.5.1"
]
},
{
"atOrAbove": "13.5.1",
"below": "13.5.7",
"cwe": [
"CWE-349",
"CWE-639"
],
"severity": "high",
"identifiers": {
"summary": "Next.js Cache Poisoning",
"CVE": [
"CVE-2024-46982"
],
"githubID": "GHSA-gp8f-8m3g-qvj9"
},
"info": [
"https://github.com/advisories/GHSA-gp8f-8m3g-qvj9",
"https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9",
"https://nvd.nist.gov/vuln/detail/CVE-2024-46982",
"https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3",
"https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda",
"https://github.com/vercel/next.js"
]
},
{
"atOrAbove": "13.4.0",
"below": "14.1.1",
@@ -6799,6 +6871,30 @@
"https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085",
"https://github.com/vercel/next.js"
]
},
{
"atOrAbove": "14.0.0",
"below": "14.2.10",
"cwe": [
"CWE-349",
"CWE-639"
],
"severity": "high",
"identifiers": {
"summary": "Next.js Cache Poisoning",
"CVE": [
"CVE-2024-46982"
],
"githubID": "GHSA-gp8f-8m3g-qvj9"
},
"info": [
"https://github.com/advisories/GHSA-gp8f-8m3g-qvj9",
"https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9",
"https://nvd.nist.gov/vuln/detail/CVE-2024-46982",
"https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3",
"https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda",
"https://github.com/vercel/next.js"
]
}
],
"extractors": {
96 changes: 96 additions & 0 deletions repository/jsrepository-v3.json
@@ -4564,6 +4564,54 @@
"info": [
"https://github.com/cure53/DOMPurify/releases"
]
},
{
"atOrAbove": "0",
"below": "2.5.4",
"cwe": [
"CWE-1321",
"CWE-1333"
],
"severity": "high",
"identifiers": {
"summary": "DOMPurify allows tampering by prototype pollution",
"CVE": [
"CVE-2024-45801"
],
"githubID": "GHSA-mmhx-hmjr-r674"
},
"info": [
"https://github.com/advisories/GHSA-mmhx-hmjr-r674",
"https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674",
"https://nvd.nist.gov/vuln/detail/CVE-2024-45801",
"https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21",
"https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
"https://github.com/cure53/DOMPurify"
]
},
{
"atOrAbove": "3.0.0",
"below": "3.1.3",
"cwe": [
"CWE-1321",
"CWE-1333"
],
"severity": "high",
"identifiers": {
"summary": "DOMPurify allows tampering by prototype pollution",
"CVE": [
"CVE-2024-45801"
],
"githubID": "GHSA-mmhx-hmjr-r674"
},
"info": [
"https://github.com/advisories/GHSA-mmhx-hmjr-r674",
"https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674",
"https://nvd.nist.gov/vuln/detail/CVE-2024-45801",
"https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21",
"https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
"https://github.com/cure53/DOMPurify"
]
}
],
"extractors": {
@@ -6939,6 +6987,30 @@
"https://github.com/vercel/next.js/compare/v13.5.0...v13.5.1"
]
},
{
"atOrAbove": "13.5.1",
"below": "13.5.7",
"cwe": [
"CWE-349",
"CWE-639"
],
"severity": "high",
"identifiers": {
"summary": "Next.js Cache Poisoning",
"CVE": [
"CVE-2024-46982"
],
"githubID": "GHSA-gp8f-8m3g-qvj9"
},
"info": [
"https://github.com/advisories/GHSA-gp8f-8m3g-qvj9",
"https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9",
"https://nvd.nist.gov/vuln/detail/CVE-2024-46982",
"https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3",
"https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda",
"https://github.com/vercel/next.js"
]
},
{
"atOrAbove": "13.4.0",
"below": "14.1.1",
@@ -6961,6 +7033,30 @@
"https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085",
"https://github.com/vercel/next.js"
]
},
{
"atOrAbove": "14.0.0",
"below": "14.2.10",
"cwe": [
"CWE-349",
"CWE-639"
],
"severity": "high",
"identifiers": {
"summary": "Next.js Cache Poisoning",
"CVE": [
"CVE-2024-46982"
],
"githubID": "GHSA-gp8f-8m3g-qvj9"
},
"info": [
"https://github.com/advisories/GHSA-gp8f-8m3g-qvj9",
"https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9",
"https://nvd.nist.gov/vuln/detail/CVE-2024-46982",
"https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3",
"https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda",
"https://github.com/vercel/next.js"
]
}
],
"extractors": {