
Conversation

@marob (Contributor) commented Jan 29, 2026

No description provided.

@marob marob requested a review from GiooDev January 29, 2026 09:55
@marob marob added this to the IT 165 milestone Jan 29, 2026
@marob marob enabled auto-merge January 29, 2026 09:56
@marob marob requested a review from mkhediri January 29, 2026 09:57
@vitam-prg (Collaborator)

Checkmarx One – Scan Summary & Details (scan acbfd7a5-42f0-4453-8e43-264e4e9066bf)

New Issues (26)

Checkmarx found the following issues in this Pull Request:

1. CRITICAL  CVE-2021-44906  Vulnerable Package: Npm-minimist-0.0.10
   Recommended version: 0.2.4
   Description: Minimist is vulnerable to Prototype Pollution via file "index.js", function "setKey()" (lines 69-95). This issue affects minimist versions prior t...
   Attack Vector: NETWORK, Attack Complexity: LOW

2. CRITICAL  CVE-2023-25344  Vulnerable Package: Npm-swig-templates-2.0.3
   Description: An issue was discovered in swig-templates in versions through 2.0.3 and swig versions 1.0.0-pre1 through 1.4.2, allowing attackers to execute arbit...
   Attack Vector: NETWORK, Attack Complexity: LOW

3. CRITICAL  CVE-2023-42282  Vulnerable Package: Npm-ip-2.0.0
   Recommended version: 2.0.1
   Description: The `isPublic()` function in the NPM package ip doesn't correctly identify certain private IP addresses in uncommon formats, such as 0x7F.1 as priv...
   Attack Vector: NETWORK, Attack Complexity: LOW

4. HIGH  CVE-2021-23372  Vulnerable Package: Npm-mongo-express-1.0.0
   Recommended version: 1.0.1
   Description: Versions prior to 1.0.1 of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unh...
   Attack Vector: NETWORK, Attack Complexity: LOW

5. HIGH  CVE-2023-25345  Vulnerable Package: Npm-swig-templates-2.0.3
   Description: Directory Traversal Vulnerability in all versions of swig-templates and swig allows attackers to read arbitrary files via the "include" or "extends...
   Attack Vector: NETWORK, Attack Complexity: LOW

6. HIGH  CVE-2024-21538  Vulnerable Package: Npm-cross-spawn-7.0.3
   Recommended version: 7.0.5
   Description: Versions of the package cross-spawn prior to 6.0.6 and 7.x prior to 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS), due to im...
   Attack Vector: NETWORK, Attack Complexity: LOW

7. HIGH  CVE-2024-29415  Vulnerable Package: Npm-ip-2.0.0
   Description: The ip package 0.0.2 through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, a...
   Attack Vector: NETWORK, Attack Complexity: HIGH

8. HIGH  CVE-2024-45296  Vulnerable Package: Npm-path-to-regexp-0.1.7
   Recommended version: 0.1.12
   Description: The path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be explo...
   Attack Vector: NETWORK, Attack Complexity: LOW

9. HIGH  CVE-2024-45590  Vulnerable Package: Npm-body-parser-1.20.0
   Recommended version: 1.20.3
   Description: The body-parser is Node.js body parsing middleware. The body-parser package versions prior to 1.20.3 and 2.0.x prior to 2.0.0 are vulnerable to Den...
   Attack Vector: NETWORK, Attack Complexity: LOW

10. HIGH  CVE-2024-52798  Vulnerable Package: Npm-path-to-regexp-0.1.7
    Recommended version: 0.1.12
    Description: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploit...
    Attack Vector: NETWORK, Attack Complexity: LOW

11. HIGH  CVE-2026-24842  Vulnerable Package: Npm-tar-6.2.1
    Recommended version: 7.5.7
    Description: node-tar, a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path ...
    Attack Vector: NETWORK, Attack Complexity: LOW

12. HIGH  CVE-2026-24842  Vulnerable Package: Npm-tar-7.5.2
    Description: node-tar, a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path ...
    Attack Vector: NETWORK, Attack Complexity: LOW

13. MEDIUM  CVE-2020-7598  Vulnerable Package: Npm-minimist-0.0.10
    Recommended version: 0.2.4
    Description: Affected versions of minimist are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the proto...
    Attack Vector: NETWORK, Attack Complexity: HIGH

14. MEDIUM  CVE-2023-52555  Vulnerable Package: Npm-mongo-express-1.0.0
    Description: In mongo-express versions through 1.02, '/admin' allows Cross-site Request Forgery (CSRF), as demonstrated by deletion of a Collection.
    Attack Vector: NETWORK, Attack Complexity: LOW

15. MEDIUM  CVE-2024-27088  Vulnerable Package: Npm-es5-ext-0.10.62
    Recommended version: 0.10.63
    Description: The es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into "function#copy" or "fun...
    Attack Vector: LOCAL, Attack Complexity: LOW

16. MEDIUM  CVE-2024-29041  Vulnerable Package: Npm-express-4.18.1
    Recommended version: 4.20.0
    Description: Express.js minimalist web framework for node. Express.js versions prior to 4.19.2, and 5.0.x prior to 5.0.0-beta.3 are affected by an open redirect...
    Attack Vector: NETWORK, Attack Complexity: LOW

17. MEDIUM  CVE-2024-43796  Vulnerable Package: Npm-express-4.18.1
    Recommended version: 4.20.0
    Description: Express.js minimalist web framework for node. In express versions prior to 4.20.0 and 5.0.x prior to 5.0.0, passing untrusted user input even after...
    Attack Vector: NETWORK, Attack Complexity: HIGH

18. MEDIUM  CVE-2024-43799  Vulnerable Package: Npm-send-0.18.0
    Recommended version: 0.19.0
    Description: Send is a library for streaming files from the file system as an HTTP response. Send passes untrusted user input to "SendStream.redirect()" which e...
    Attack Vector: NETWORK, Attack Complexity: HIGH

19. MEDIUM  CVE-2024-43800  Vulnerable Package: Npm-serve-static-1.15.0
    Recommended version: 1.16.0
    Description: serve-static serves static files. serve-static passes untrusted user input even after sanitizing it to "redirect()" and may execute untrusted code....
    Attack Vector: NETWORK, Attack Complexity: HIGH

20. MEDIUM  CVE-2024-47178  Vulnerable Package: Npm-basic-auth-connect-1.0.0
    Recommended version: 1.1.0
    Description: The package basic-auth-connect is Connect's Basic Auth middleware in its own module. The basic-auth-connect uses a timing-unsafe equality compariso...
    Attack Vector: NETWORK, Attack Complexity: LOW

21. MEDIUM  CVE-2024-47764  Vulnerable Package: Npm-cookie-0.3.1
    Recommended version: 0.7.0
    Description: The NPM package cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cook...
    Attack Vector: NETWORK, Attack Complexity: LOW

22. MEDIUM  CVE-2024-47764  Vulnerable Package: Npm-cookie-0.4.1
    Recommended version: 0.7.0
    Description: The NPM package cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cook...
    Attack Vector: NETWORK, Attack Complexity: LOW

23. MEDIUM  CVE-2024-47764  Vulnerable Package: Npm-cookie-0.5.0
    Recommended version: 0.7.0
    Description: The NPM package cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cook...
    Attack Vector: NETWORK, Attack Complexity: LOW

24. MEDIUM  Cx2c8678d9-d5de  Vulnerable Package: Npm-es5-ext-0.10.62
    Description: This package includes functionality which aims to protest or raise an issue and might include undesired behavior. ### About Similar to a malicious...

25. LOW  CVE-2025-59436  Vulnerable Package: Npm-ip-2.0.0
    Description: The ip (aka node-ip) package might allow Server-Side Request Forgery (SSRF) because the IP address value '017700000001' is improperly categorized a...
    Attack Vector: LOCAL, Attack Complexity: HIGH

26. LOW  CVE-2025-59437  Vulnerable Package: Npm-ip-2.0.0
    Description: The ip (aka node-ip) package (in NPM) might allow Server-Side Request Forgery (SSRF) because the IP address value "0" is improperly categorized as ...
    Attack Vector: LOCAL, Attack Complexity: HIGH

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR
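The four ip findings in the scan above (CVE-2023-42282, CVE-2024-29415, CVE-2025-59436, CVE-2025-59437) all describe the same failure mode: a "private or public?" check that reasons about the dotted-decimal text and never sees that `0x7F.1`, `127.1`, `012.1.2.3`, `01200034567`, `017700000001` or `0` are all spellings the OS resolver maps to loopback or RFC 1918 space. The Node script below is an added example, written for this page; it is not code from the PR, from the Checkmarx report or from the ip package. It reimplements the inet_aton-style parsing that clients actually apply, shows a text-only check of the shape the advisories describe being bypassed, and puts a fail-closed check beside it. All function names (`parseLegacyIPv4`, `naiveIsPublic`, `strictIsPublic`, `classify`) and the reserved-range list are this example's own choices.

```javascript
// Added example, not code from the PR, the Checkmarx report or the ip package.
// Names and the RESERVED_V4 list are this example's own assumptions.
const net = require('node:net');

// Parse an IPv4 literal the way inet_aton() and most HTTP clients do: one to four
// dot-separated parts, each decimal, octal (leading 0) or hex (0x), with the last
// part filling all remaining bytes. Returns a 32-bit unsigned number, or null.
function parseLegacyIPv4(str) {
  const parts = String(str).split('.');
  if (parts.length < 1 || parts.length > 4) return null;
  const nums = [];
  for (const p of parts) {
    let n;
    if (/^0[xX][0-9a-fA-F]+$/.test(p)) n = parseInt(p.slice(2), 16);
    else if (/^0[0-7]*$/.test(p)) n = parseInt(p, 8);        // "0" and "012" land here
    else if (/^[1-9][0-9]*$/.test(p)) n = parseInt(p, 10);
    else return null;                                        // "::1", "", "a.b" ...
    nums.push(n);
  }
  const last = nums.pop();
  const lastBytes = 4 - nums.length;                         // bytes the last part fills
  if (nums.some(n => n > 255) || last >= 2 ** (8 * lastBytes)) return null;
  let value = 0;
  for (const n of nums) value = value * 256 + n;
  return (value * 2 ** (8 * lastBytes) + last) >>> 0;
}

function toDotted(value) {
  return [24, 16, 8, 0].map(s => (value >>> s) & 255).join('.');
}

// Blocks an SSRF guard must never treat as public (IPv4 only in this example).
const RESERVED_V4 = [
  '0.0.0.0/8', '10.0.0.0/8', '100.64.0.0/10', '127.0.0.0/8', '169.254.0.0/16',
  '172.16.0.0/12', '192.0.0.0/24', '192.168.0.0/16', '198.18.0.0/15',
  '224.0.0.0/4', '240.0.0.0/4',
];

function inCidr(value, cidr) {
  const [base, bits] = cidr.split('/');
  const mask = (0xFFFFFFFF << (32 - Number(bits))) >>> 0;
  return ((value & mask) >>> 0) === ((parseLegacyIPv4(base) & mask) >>> 0);
}

function isReservedV4(value) {
  return RESERVED_V4.some(cidr => inCidr(value, cidr));
}

// The shape of check the advisories describe: regexes over the dotted-decimal
// text, with everything the regexes do not recognise reported as public.
function naiveIsPublic(str) {
  const privateText = [
    /^(?:0|10|127)\.\d{1,3}\.\d{1,3}\.\d{1,3}$/,
    /^169\.254\.\d{1,3}\.\d{1,3}$/,
    /^192\.168\.\d{1,3}\.\d{1,3}$/,
    /^172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}$/,
  ];
  return !privateText.some(re => re.test(str));
}

// Hardened: only a canonical dotted quad can ever be "public"; any other spelling
// is refused rather than guessed at, and the numeric value is checked against the
// reserved blocks. IPv6 (including IPv4-mapped ::ffff:a.b.c.d) needs its own
// handling and is also refused here, so the guard fails closed.
function strictIsPublic(str) {
  if (!net.isIPv4(str)) return false;
  const value = parseLegacyIPv4(str);
  return value !== null && !isReservedV4(value);
}

// What a literal actually connects to, and what each check says about it.
function classify(str) {
  const value = parseLegacyIPv4(str);
  return {
    input: str,
    connectsTo: value === null ? null : toDotted(value),
    naiveIsPublic: naiveIsPublic(str),
    strictIsPublic: strictIsPublic(str),
  };
}

// Constructed sample inputs, taken from the advisory texts above plus two controls.
const SAMPLES = ['0x7F.1', '127.1', '012.1.2.3', '01200034567', '017700000001',
                 '0', '127.0.0.1', '93.184.216.34'];
for (const s of SAMPLES) console.log(classify(s));
```

Every non-canonical sample is reported public by the text-only check and resolves to loopback or 10/8 once parsed the way the socket layer parses it; the strict check rejects all of them and only admits canonical public addresses. In a real SSRF guard the same classification must be applied after DNS resolution as well, since a hostname can resolve to any of these addresses.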
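The two minimist findings (CVE-2021-44906, CVE-2020-7598) describe prototype pollution through the parser's key-setting routine: a `--a.b=c` argument is turned into nested property writes, and a key of `__proto__` (or `constructor.prototype`) makes those writes land on `Object.prototype`, where every object in the process inherits them. The script below is an added example written for this page, not minimist's code and not from the PR; it reconstructs that class of bug in a minimal parser and puts a hardened version beside it. All names (`setKeyUnsafe`, `setKeySafe`, `parseArgs`, `demonstratePollution`) are this example's own.

```javascript
// Added example, not minimist's code and not from the PR; names are this
// example's own. Demonstrates prototype pollution via a "--a.b=c" argument parser.

// Vulnerable: the intermediate lookup `o[k]` follows the prototype chain, so
// k === '__proto__' yields Object.prototype (and 'constructor' yields Object,
// whose 'prototype' is Object.prototype); the final assignment then lands there.
function setKeyUnsafe(obj, keys, value) {
  let o = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    if (o[k] === undefined) o[k] = {};
    o = o[k];
  }
  o[keys[keys.length - 1]] = value;
}

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened: refuse the dangerous keys outright, only descend into own
// plain-object properties, and create intermediates with no prototype at all.
function setKeySafe(obj, keys, value) {
  for (const k of keys) {
    if (FORBIDDEN_KEYS.has(k)) throw new Error(`refusing to set key "${k}"`);
  }
  let o = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    const own = Object.prototype.hasOwnProperty.call(o, k) ? o[k] : undefined;
    if (typeof own !== 'object' || own === null) o[k] = Object.create(null);
    o = o[k];
  }
  o[keys[keys.length - 1]] = value;
}

// Minimal "--key=value" / "--flag" / "--a.b=c" parser; `root` and `setKey`
// select the vulnerable or the hardened behaviour.
function parseArgs(argv, root, setKey) {
  for (const arg of argv) {
    const m = /^--([^=]+)(?:=(.*))?$/.exec(arg);
    if (!m) continue;
    setKey(root, m[1].split('.'), m[2] === undefined ? true : m[2]);
  }
  return root;
}
const parseArgsUnsafe = argv => parseArgs(argv, {}, setKeyUnsafe);
const parseArgsSafe = argv => parseArgs(argv, Object.create(null), setKeySafe);

// Run the vulnerable parser on attacker-controlled argv and observe a property
// appearing on a brand-new, unrelated object; then undo the pollution so the
// rest of the process is not affected.
function demonstratePollution(argv, prop) {
  const before = ({})[prop];
  parseArgsUnsafe(argv);
  const after = ({})[prop];
  delete Object.prototype[prop];
  return { before, after };
}

// Constructed inputs.
console.log(demonstratePollution(['--__proto__.polluted=yes'], 'polluted'));
console.log(demonstratePollution(['--constructor.prototype.polluted=yes'], 'polluted'));
try {
  parseArgsSafe(['--__proto__.polluted=yes']);
} catch (e) {
  console.log('hardened parser:', e.message);
}
console.log(parseArgsSafe(['--db.host=localhost', '--db.port=27017', '--verbose']));
```

The hardened parser applies three independent defences, any one of which would stop this particular payload: the deny-list on key names, the own-property check before descending, and null-prototype containers. Keeping all three matters because the parsed object is often merged into ordinary `{}` objects later, where `__proto__` regains its special meaning.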
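Finding 20 (CVE-2024-47178, basic-auth-connect) is about a timing-unsafe equality comparison of credentials. The Node snippet below is an added example written for this page, not basic-auth-connect's code and not from the PR: it shows the string-equality pattern the advisory describes next to a constant-time check for HTTP Basic credentials, with the header parsing needed to drive it. All names (`credentialsMatchUnsafe`, `credentialsMatchSafe`, `parseBasicAuth`, `authorize`) are this example's own.

```javascript
// Added example, not basic-auth-connect's code and not from the PR; names are
// this example's own. Timing-unsafe versus constant-time credential comparison.
const crypto = require('node:crypto');

// Unsafe: `===` on strings returns as soon as a character differs, so response
// time correlates with the length of the matching prefix, and `&&` skips the
// password comparison entirely whenever the user name is wrong.
function credentialsMatchUnsafe(user, pass, expectedUser, expectedPass) {
  return user === expectedUser && pass === expectedPass;
}

// Safe: hash both sides to a fixed 32 bytes so timingSafeEqual never throws on a
// length mismatch (which would itself leak the secret's length), compare in
// constant time, and combine the two results with a non-short-circuiting `&`.
function fixedDigest(s) {
  return crypto.createHash('sha256').update(String(s), 'utf8').digest();
}
function credentialsMatchSafe(user, pass, expectedUser, expectedPass) {
  const u = crypto.timingSafeEqual(fixedDigest(user), fixedDigest(expectedUser));
  const p = crypto.timingSafeEqual(fixedDigest(pass), fixedDigest(expectedPass));
  return (u & p) === 1;
}

// Decode an "Authorization: Basic <base64(user:pass)>" header. Only the first
// colon separates user and password, so passwords may contain colons.
function parseBasicAuth(header) {
  const m = /^Basic\s+([A-Za-z0-9+\/=]+)$/i.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':');
  if (i < 0) return null;
  return { user: decoded.slice(0, i), pass: decoded.slice(i + 1) };
}

function authorize(header, expectedUser, expectedPass) {
  const creds = parseBasicAuth(header);
  if (!creds) return false;
  return credentialsMatchSafe(creds.user, creds.pass, expectedUser, expectedPass);
}

// Constructed request header for a quick stand-alone run.
const header = 'Basic ' + Buffer.from('admin:s3cret:with:colons').toString('base64');
console.log(parseBasicAuth(header), authorize(header, 'admin', 's3cret:with:colons'));
```

Hashing before `timingSafeEqual` is the usual way to satisfy its equal-length precondition without a length-dependent early exit; it does not replace a real password hash (the expected value should itself come from a slow, salted hash in production), it only equalises the comparison.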

@marob marob merged commit 8fd4cf5 into develop Jan 29, 2026
14 of 15 checks passed
@marob marob deleted the story-15211-certificates-regeneration branch January 29, 2026 10:12
5 participants