|
15 | 15 | "vulnerabilities" : [ |
16 | 16 | { |
17 | 17 | "below" : "1.6.3", |
18 | | - "severity": "high", |
| 18 | + "severity": "medium", |
19 | 19 | "identifiers": { "CVE": "CVE-2011-4969" }, |
20 | 20 | "info" : [ "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969" , "http://research.insecurelabs.org/jquery/test/" ] |
21 | 21 | }, |
22 | 22 | { |
23 | 23 | "below" : "1.9.0b1", |
24 | | - "identifiers": { "bug": "11290" }, |
25 | | - "severity": "high", |
| 24 | + "identifiers": { |
| 25 | + "bug": "11290", |
| 26 | + "summary": "Selector interpreted as HTML" |
| 27 | + }, |
| 28 | + "severity": "medium", |
26 | 29 | "info" : [ "http://bugs.jquery.com/ticket/11290" , "http://research.insecurelabs.org/jquery/test/" ]} |
27 | 30 | ], |
28 | 31 | "extractors" : { |
|
42 | 45 | "vulnerabilities" : [ |
43 | 46 | { |
44 | 47 | "below" : "1.2.0", |
45 | | - "severity": "high", |
46 | | - "identifiers": {"release": "jQuery Migrate 1.2.0 Released"}, |
| 48 | + "severity": "medium", |
| 49 | + "identifiers": { |
| 50 | + "release": "jQuery Migrate 1.2.0 Released", |
| 51 | + "summary": "cross-site-scripting" |
| 52 | + }, |
47 | 53 | "info" : [ "http://blog.jquery.com/2013/05/01/jquery-migrate-1-2-0-released/" ] |
48 | 54 | }, |
49 | 55 | { |
50 | 56 | "below" : "1.2.2", |
51 | | - "severity": "high", |
52 | | - "identifiers": { "bug": "11290" }, |
| 57 | + "severity": "medium", |
| 58 | + "identifiers": { |
| 59 | + "bug": "11290", |
| 60 | + "summary": "Selector interpreted as HTML" |
| 61 | + }, |
53 | 62 | "info" : [ "http://bugs.jquery.com/ticket/11290" , "http://research.insecurelabs.org/jquery/test/" ] |
54 | 63 | } |
55 | 64 | ], |
|
75 | 84 | }, |
76 | 85 | { |
77 | 86 | "below" : "1.1.2", |
78 | | - "severity": "high", |
79 | | - "identifiers": {"issue": "4787", "release": "http://jquerymobile.com/changelog/1.1.2/"}, |
| 87 | + "severity": "medium", |
| 88 | + "identifiers": { |
| 89 | + "issue": "4787", |
| 90 | + "release": "http://jquerymobile.com/changelog/1.1.2/", |
| 91 | + "summary": "location.href cross-site scripting" |
| 92 | + }, |
80 | 93 | "info": [ "http://jquerymobile.com/changelog/1.1.2/", "https://github.com/jquery/jquery-mobile/issues/4787" ] |
81 | 94 | }, |
82 | 95 | { |
83 | 96 | "below" : "1.2.0", |
84 | | - "severity": "high", |
85 | | - "identifiers": {"issue": "4787", "release": "http://jquerymobile.com/changelog/1.2.0/"}, |
| 97 | + "severity": "medium", |
| 98 | + "identifiers": { |
| 99 | + "issue": "4787", |
| 100 | + "release": "http://jquerymobile.com/changelog/1.2.0/", |
| 101 | + "summary": "location.href cross-site scripting" |
| 102 | + }, |
86 | 103 | "info": [ "http://jquerymobile.com/changelog/1.2.0/", "https://github.com/jquery/jquery-mobile/issues/4787" ] |
87 | 104 | } |
88 | 105 | ], |
|
99 | 116 | { |
100 | 117 | "atOrAbove": "1.8.9", |
101 | 118 | "below" : "1.10.0", |
102 | | - "severity": "high", |
103 | | - "identifiers": {"bug": "6016"}, |
| 119 | + "severity": "medium", |
| 120 | + "identifiers": { |
| 121 | + "bug": "6016", |
| 122 | + "summary": "Title cross-site scripting vulnerability" |
| 123 | + }, |
104 | 124 | "info" : [ "http://bugs.jqueryui.com/ticket/6016" ] |
105 | 125 | } |
106 | 126 | ], |
|
132 | 152 | "atOrAbove": "1.9.2", |
133 | 153 | "below" : "1.10.0", |
134 | 154 | "severity": "high", |
135 | | - "identifiers": {"bug": "8859"}, |
| 155 | + "identifiers": { |
| 156 | + "bug": "8859", |
| 157 | + "summary": "Autocomplete cross-site scripting vulnerability" |
| 158 | + }, |
136 | 159 | "info" : [ "http://bugs.jqueryui.com/ticket/8859" ] |
137 | 160 | } |
138 | 161 | ], |
|
181 | 204 | { |
182 | 205 | "below" : "2.2.0", |
183 | 206 | "severity": "high", |
184 | | - "identifiers": {"release": "2.2.0"}, |
| 207 | + "identifiers": { |
| 208 | + "release": "2.2.0", |
| 209 | + "summary": "Flash SWF vulnerability" |
| 210 | + }, |
185 | 211 | "info" : [ "http://jplayer.org/latest/release-notes/" ] |
186 | 212 | } |
187 | 213 | ], |
|
197 | 223 | "vulnerabilities" : [ |
198 | 224 | { |
199 | 225 | "below" : "1.01", |
200 | | - "severity": "high", |
| 226 | + "severity": "low", |
| 227 | + "identifiers": {"summary": "Unsanitized data passed to eval()"}, |
201 | 228 | "info" : [ "http://www.thomasfrank.se/sessionvars.html" ] |
202 | 229 | } |
203 | 230 | ], |
|
259 | 286 | }, |
260 | 287 | { |
261 | 288 | "below" : "2.9.0", |
262 | | - "severity": "high", |
| 289 | + "severity": "medium", |
263 | 290 | "identifiers": {"CVE": "CVE-2010-4710"}, |
264 | 291 | "info" : [ "http://www.cvedetails.com/cve/CVE-2010-4710/" ] |
265 | 292 | }, |
|
320 | 347 | { |
321 | 348 | "atOrAbove" : "1.3.0-*", |
322 | 349 | "below" : "1.3.2", |
323 | | - "severity": "high", |
| 350 | + "severity": "medium", |
324 | 351 | "identifiers": {"CVE": "CVE-2014-0046"}, |
325 | 352 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ" ] |
326 | 353 | }, |
327 | 354 | { |
328 | 355 | "atOrAbove" : "1.2.0-*", |
329 | 356 | "below" : "1.2.2", |
330 | | - "severity": "high", |
| 357 | + "severity": "medium", |
331 | 358 | "identifiers": {"CVE": "CVE-2014-0046"}, |
332 | 359 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ" ] }, |
333 | 360 | { |
|
368 | 395 | { |
369 | 396 | "atOrAbove" : "1.0.0-rc.1", |
370 | 397 | "below" : "1.0.0-rc.1.1", |
371 | | - "severity": "high", |
| 398 | + "severity": "medium", |
372 | 399 | "identifiers": {"CVE": "CVE-2013-4170"}, |
373 | 400 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ] |
374 | 401 | }, |
375 | 402 | { |
376 | 403 | "atOrAbove" : "1.0.0-rc.2", |
377 | 404 | "below" : "1.0.0-rc.2.1", |
378 | | - "severity": "high", |
| 405 | + "severity": "medium", |
379 | 406 | "identifiers": {"CVE": "CVE-2013-4170"}, |
380 | 407 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ] |
381 | 408 | }, |
382 | 409 | { |
383 | 410 | "atOrAbove" : "1.0.0-rc.3", |
384 | 411 | "below" : "1.0.0-rc.3.1", |
385 | | - "severity": "high", |
| 412 | + "severity": "medium", |
386 | 413 | "identifiers": {"CVE": "CVE-2013-4170"}, |
387 | 414 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ] |
388 | 415 | }, |
389 | 416 | { |
390 | 417 | "atOrAbove" : "1.0.0-rc.4", |
391 | 418 | "below" : "1.0.0-rc.4.1", |
392 | | - "severity": "high", |
| 419 | + "severity": "medium", |
393 | 420 | "identifiers": {"CVE": "CVE-2013-4170"}, |
394 | 421 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ] |
395 | 422 | }, |
396 | 423 | { |
397 | 424 | "atOrAbove" : "1.0.0-rc.5", |
398 | 425 | "below" : "1.0.0-rc.5.1", |
399 | | - "severity": "high", |
| 426 | + "severity": "medium", |
400 | 427 | "identifiers": {"CVE": "CVE-2013-4170"}, |
401 | 428 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ] |
402 | 429 | }, |
403 | 430 | { |
404 | 431 | "atOrAbove" : "1.0.0-rc.6", |
405 | 432 | "below" : "1.0.0-rc.6.1", |
406 | | - "severity": "high", |
| 433 | + "severity": "medium", |
407 | 434 | "identifiers": {"CVE": "CVE-2013-4170"}, |
408 | 435 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ] |
409 | 436 | }, |
|
414 | 441 | { |
415 | 442 | "below" : "0.9.7", |
416 | 443 | "severity": "high", |
417 | | - "identifiers": {"bug": "699"}, |
| 444 | + "identifiers": { |
| 445 | + "bug": "699", |
| 446 | + "summary": "Bound attributes aren't escaped properly" |
| 447 | + }, |
418 | 448 | "info" : [ "https://github.com/emberjs/ember.js/issues/699" ] |
419 | 449 | } |
420 | 450 | ], |
|
476 | 506 | }, |
477 | 507 | { |
478 | 508 | "below" : "1.4.2", |
479 | | - "severity": "high", |
| 509 | + "severity": "medium", |
480 | 510 | "identifiers": {"CVE": "CVE-2010-2275"}, |
481 | 511 | "info" : [ "http://www.cvedetails.com/cve/CVE-2010-2275/"] |
482 | 512 | }, |
483 | 513 | { |
484 | 514 | "below" : "1.1", |
485 | | - "severity": "high", |
| 515 | + "severity": "medium", |
486 | 516 | "identifiers": {"CVE": "CVE-2008-6681"}, |
487 | 517 | "info" : [ "http://www.cvedetails.com/cve/CVE-2008-6681/"] |
488 | 518 | } |
|
513 | 543 | { |
514 | 544 | "below" : "1.2.0", |
515 | 545 | "severity": "high", |
| 546 | + "identifiers": { |
| 547 | + "summary": [ |
| 548 | + "execution of arbitrary javascript", |
| 549 | + "sandboxing fails", |
| 550 | + "possible cross-site scripting vulnerabilities" |
| 551 | + ] |
| 552 | + }, |
516 | 553 | "info" : [ "https://code.google.com/p/mustache-security/wiki/AngularJS" ] |
517 | 554 | }, |
518 | 555 | { |
519 | 556 | "below" : "1.2.19", |
520 | | - "severity": "high", |
521 | | - "identifiers": {"release": "1.3.0-beta.14"}, |
| 557 | + "severity": "medium", |
| 558 | + "identifiers": { |
| 559 | + "release": "1.3.0-beta.14", |
| 560 | + "summary": "execution of arbitrary javascript" |
| 561 | + }, |
522 | 562 | "info" : [ "https://github.com/angular/angular.js/blob/b3b5015cb7919708ce179dc3d6f0d7d7f43ef621/CHANGELOG.md" ] |
523 | 563 | }, |
524 | 564 | { |
525 | 565 | "below" : "1.2.24", |
526 | | - "severity": "high", |
527 | | - "identifier": {"commit": "b39e1d47b9a1b39a9fe34c847a81f589fba522f8"}, |
| 566 | + "severity": "medium", |
| 567 | + "identifiers": { |
| 568 | + "commit": "b39e1d47b9a1b39a9fe34c847a81f589fba522f8", |
| 569 | + "summary": "execution of arbitrary javascript" |
| 570 | + }, |
528 | 571 | "info" : [ "http://avlidienbrunn.se/angular.txt", "https://github.com/angular/angular.js/commit/b39e1d47b9a1b39a9fe34c847a81f589fba522f8"] |
529 | 572 | }, |
530 | 573 | { |
531 | 574 | "atOrAbove" : "1.3.0-beta.1", |
532 | 575 | "below" : "1.3.0-beta.14", |
533 | | - "severity": "high", |
534 | | - "identifier": {"commit": "b39e1d47b9a1b39a9fe34c847a81f589fba522f8"}, |
| 576 | + "severity": "medium", |
| 577 | + "identifiers": { |
| 578 | + "commit": "b39e1d47b9a1b39a9fe34c847a81f589fba522f8", |
| 579 | + "summary": "execution of arbitrary javascript" |
| 580 | + }, |
535 | 581 | "info" : [ "https://github.com/angular/angular.js/blob/b3b5015cb7919708ce179dc3d6f0d7d7f43ef621/CHANGELOG.md" ] |
536 | 582 | }, |
537 | 583 | { |
538 | 584 | "atOrAbove" : "1.3.0-beta.1", |
539 | 585 | "below" : "1.3.0-rc.1", |
540 | | - "severity": "high", |
541 | | - "identifier": {"commit": "b39e1d47b9a1b39a9fe34c847a81f589fba522f8"}, |
| 586 | + "severity": "medium", |
| 587 | + "identifiers": { |
| 588 | + "commit": "b39e1d47b9a1b39a9fe34c847a81f589fba522f8", |
| 589 | + "summary": "execution of arbitrary javascript" |
| 590 | + }, |
542 | 591 | "info" : [ "http://avlidienbrunn.se/angular.txt", "https://github.com/angular/angular.js/commit/b39e1d47b9a1b39a9fe34c847a81f589fba522f8"] |
543 | 592 | } |
544 | 593 |
|
|
555 | 604 | "vulnerabilities" : [ |
556 | 605 | { |
557 | 606 | "below" : "0.5.0", |
558 | | - "severity": "high", |
559 | | - "identifiers": {"release": "0.5.0"}, |
| 607 | + "severity": "medium", |
| 608 | + "identifiers": { |
| 609 | + "release": "0.5.0", |
| 610 | + "summary": "cross-site scripting vulnerability" |
| 611 | + }, |
560 | 612 | "info" : [ "http://backbonejs.org/#changelog" ] |
561 | 613 | } |
562 | 614 | ], |
|
573 | 625 | { |
574 | 626 | "below" : "0.3.1", |
575 | 627 | "severity": "high", |
576 | | - "identifiers": {"bug": "112"}, |
| 628 | + "identifiers": { |
| 629 | + "bug": "112", |
| 630 | + "summary": "execution of arbitrary javascript" |
| 631 | + }, |
577 | 632 | "info" : [ "https://github.com/janl/mustache.js/issues/112" ] } ], |
578 | 633 | "extractors" : { |
579 | 634 | "func" : [ "Mustache.version" ], |
|
590 | 645 | "vulnerabilities" : [ |
591 | 646 | { |
592 | 647 | "below" : "1.0.0.beta.3", |
593 | | - "severity": "high", |
| 648 | + "severity": "medium", |
| 649 | + "identifiers": { |
| 650 | + "summary": "poorly sanitized input passed to eval()" |
| 651 | + }, |
594 | 652 | "info" : [ "https://github.com/wycats/handlebars.js/pull/68" ] } ], |
595 | 653 | "extractors" : { |
596 | 654 | "func" : [ "Handlebars.VERSION" ], |
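Review bot: In the AngularJS record with `"below" : "1.2.0"` (new lines 546–552), `summary` is added as an array of three strings, while every other `summary` this commit adds is a single string, so a consumer that prints or compares `identifiers.summary` as a string would presumably mishandle this one record. Keep one type for the key, for example `"summary": "execution of arbitrary javascript; sandboxing fails; possible cross-site scripting vulnerabilities"`, or split the record into one entry per issue. The field also mixes spellings (`"cross-site-scripting"` in the jQuery Migrate 1.2.0 record, `"cross-site scripting vulnerability"` elsewhere), which makes grouping findings by summary unreliable. Separately, the two eval()-related records get different ratings (`low` for the `"below" : "1.01"` record, `medium` for Handlebars `1.0.0.beta.3`) with nothing in the data explaining the difference. Because lowering `severity` changes which findings clear a severity threshold in whatever tool reads this file, the rationale for each downgrade belongs in the commit message.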
|