Skip to content

Commit

Permalink
Merge branch 'RetireJS:master' into master
Browse files Browse the repository at this point in the history
  • Loading branch information
@b34c0n5
b34c0n5 authored May 24, 2024
2 parents 124536a + a5cb28f commit 58d58f8
Show file tree
Hide file tree
Showing 3 changed files with 143 additions and 9 deletions.
48 changes: 47 additions & 1 deletion repository/jsrepository-master.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1130,7 +1130,7 @@
"summary": "The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs",
"identifiers": {
"githubID": "GHSA-27gm-ghr9-4v95",
"CVE": ["CVE-2020-17480", "CVE-2020-23066"]
"CVE": ["CVE-2020-17480"]
},
"severity": "high",
"cwe": ["CWE-79"],
Expand Down Expand Up @@ -4789,6 +4789,52 @@
"nextjs": {
"npmname": "next",
"vulnerabilities": [
{
"ranges": [
{
"atOrAbove": "13.4.0",
"below": "13.5.1"
}
],
"summary": "Next.js Vulnerable to HTTP Request Smuggling",
"cwe": ["CWE-444"],
"severity": "high",
"identifiers": {
"CVE": ["CVE-2024-34350"],
"githubID": "GHSA-77r5-gw3j-2mpf"
},
"info": [
"https://github.com/advisories/GHSA-77r5-gw3j-2mpf",
"https://github.com/vercel/next.js/security/advisories/GHSA-77r5-gw3j-2mpf",
"https://nvd.nist.gov/vuln/detail/CVE-2024-34350",
"https://github.com/vercel/next.js/commit/44eba020c615f0d9efe431f84ada67b81576f3f5",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/compare/v13.5.0...v13.5.1"
]
},
{
"ranges": [
{
"atOrAbove": "13.4.0",
"below": "14.1.1"
}
],
"summary": "Next.js Server-Side Request Forgery in Server Actions",
"cwe": ["CWE-918"],
"severity": "high",
"identifiers": {
"CVE": ["CVE-2024-34351"],
"githubID": "GHSA-fr5h-rqp8-mj6g"
},
"info": [
"https://github.com/advisories/GHSA-fr5h-rqp8-mj6g",
"https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g",
"https://nvd.nist.gov/vuln/detail/CVE-2024-34351",
"https://github.com/vercel/next.js/pull/62561",
"https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085",
"https://github.com/vercel/next.js"
]
},
{
"ranges": [
{
Expand Down
52 changes: 48 additions & 4 deletions repository/jsrepository-v2.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1241,8 +1241,7 @@
"summary": "The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs",
"githubID": "GHSA-27gm-ghr9-4v95",
"CVE": [
"CVE-2020-17480",
"CVE-2020-23066"
"CVE-2020-17480"
]
},
"info": [
Expand Down Expand Up @@ -1312,8 +1311,7 @@
"summary": "The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs",
"githubID": "GHSA-27gm-ghr9-4v95",
"CVE": [
"CVE-2020-17480",
"CVE-2020-23066"
"CVE-2020-17480"
]
},
"info": [
Expand Down Expand Up @@ -6508,6 +6506,52 @@
"info": [
"https://github.com/advisories/GHSA-c59h-r6p8-q9wc"
]
},
{
"atOrAbove": "13.4.0",
"below": "13.5.1",
"cwe": [
"CWE-444"
],
"severity": "high",
"identifiers": {
"summary": "Next.js Vulnerable to HTTP Request Smuggling",
"CVE": [
"CVE-2024-34350"
],
"githubID": "GHSA-77r5-gw3j-2mpf"
},
"info": [
"https://github.com/advisories/GHSA-77r5-gw3j-2mpf",
"https://github.com/vercel/next.js/security/advisories/GHSA-77r5-gw3j-2mpf",
"https://nvd.nist.gov/vuln/detail/CVE-2024-34350",
"https://github.com/vercel/next.js/commit/44eba020c615f0d9efe431f84ada67b81576f3f5",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/compare/v13.5.0...v13.5.1"
]
},
{
"atOrAbove": "13.4.0",
"below": "14.1.1",
"cwe": [
"CWE-918"
],
"severity": "high",
"identifiers": {
"summary": "Next.js Server-Side Request Forgery in Server Actions",
"CVE": [
"CVE-2024-34351"
],
"githubID": "GHSA-fr5h-rqp8-mj6g"
},
"info": [
"https://github.com/advisories/GHSA-fr5h-rqp8-mj6g",
"https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g",
"https://nvd.nist.gov/vuln/detail/CVE-2024-34351",
"https://github.com/vercel/next.js/pull/62561",
"https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085",
"https://github.com/vercel/next.js"
]
}
],
"extractors": {
Expand Down
52 changes: 48 additions & 4 deletions repository/jsrepository.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1227,8 +1227,7 @@
"summary": "The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs",
"githubID": "GHSA-27gm-ghr9-4v95",
"CVE": [
"CVE-2020-17480",
"CVE-2020-23066"
"CVE-2020-17480"
]
},
"info": [
Expand Down Expand Up @@ -1298,8 +1297,7 @@
"summary": "The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs",
"githubID": "GHSA-27gm-ghr9-4v95",
"CVE": [
"CVE-2020-17480",
"CVE-2020-23066"
"CVE-2020-17480"
]
},
"info": [
Expand Down Expand Up @@ -6447,6 +6445,52 @@
"info": [
"https://github.com/advisories/GHSA-c59h-r6p8-q9wc"
]
},
{
"atOrAbove": "13.4.0",
"below": "13.5.1",
"cwe": [
"CWE-444"
],
"severity": "high",
"identifiers": {
"summary": "Next.js Vulnerable to HTTP Request Smuggling",
"CVE": [
"CVE-2024-34350"
],
"githubID": "GHSA-77r5-gw3j-2mpf"
},
"info": [
"https://github.com/advisories/GHSA-77r5-gw3j-2mpf",
"https://github.com/vercel/next.js/security/advisories/GHSA-77r5-gw3j-2mpf",
"https://nvd.nist.gov/vuln/detail/CVE-2024-34350",
"https://github.com/vercel/next.js/commit/44eba020c615f0d9efe431f84ada67b81576f3f5",
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/compare/v13.5.0...v13.5.1"
]
},
{
"atOrAbove": "13.4.0",
"below": "14.1.1",
"cwe": [
"CWE-918"
],
"severity": "high",
"identifiers": {
"summary": "Next.js Server-Side Request Forgery in Server Actions",
"CVE": [
"CVE-2024-34351"
],
"githubID": "GHSA-fr5h-rqp8-mj6g"
},
"info": [
"https://github.com/advisories/GHSA-fr5h-rqp8-mj6g",
"https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g",
"https://nvd.nist.gov/vuln/detail/CVE-2024-34351",
"https://github.com/vercel/next.js/pull/62561",
"https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085",
"https://github.com/vercel/next.js"
]
}
],
"extractors": {
Expand Down

0 comments on commit 58d58f8

Please sign in to comment.