Merge pull request #233 from ejarocki-cloudlinux/doc/request-lodash-CVEs

annkots · web-flow · commit f43ce91dcad8 · 2025-10-03T17:54:20.000+03:00
Add Resolved CVEs section to Angular, Request and Lodash
diff --git a/docs/els-for-runtimes-and-libraries/angular/README.md b/docs/els-for-runtimes-and-libraries/angular/README.md
@@ -403,6 +403,68 @@ If you have already installed a package with a `tuxcare.1` suffix and want to up
 
   </CodeWithCopy>
 
+## Resolved CVEs
+
+Fixes for the following vulnerabilities are available in ELS for Angular from TuxCare versions:
+
+<TableTabs label="Choose Angular version: " >
+
+<template #Angular__14>
+
+| CVE ID         | CVE Type | Severity |  Affected Library | Vulnerable Versions |
+| :------------: | :------: | :------: | :---------------: | :-----------------: |
+| CVE-2024-29180 | Transitive | High | webpack-dev-middleware | <=5.3.3 |
+| CVE-2025-27789 | Transitive | Moderate | @babel/runtime | <7.26.10 |
+| GHSA-67mh-4wv8-2f99 | Transitive | Moderate | esbuild | <=0.24.2 |
+| CVE-2025-30360 | Transitive | Moderate | webpack-dev-server | <=5.2.0 |
+| CVE-2025-30359 | Transitive | Moderate | webpack-dev-server | <=5.2.0 |
+| CVE-2024-43788 | Transitive | Moderate | webpack | 5.0.0-alpha.0 - 5.93.0 |
+| CVE-2025-54798 | Transitive | Low | tmp | <=0.2.3 |
+
+  </template>
+
+<template #Angular__15>
+
+| CVE ID         | CVE Type | Severity |  Affected Library | Vulnerable Versions |
+| :------------: | :------: | :------: | :---------------: | :-----------------: |
+| CVE-2025-27789 | Transitive | Moderate | @babel/runtime | <7.26.10 |
+| GHSA-67mh-4wv8-2f99 | Transitive | Moderate | esbuild | <=0.24.2 |
+| CVE-2025-30360 | Transitive | Moderate | webpack-dev-server | <=5.2.0 |
+| CVE-2025-30359 | Transitive | Moderate | webpack-dev-server | <=5.2.0 |
+| CVE-2024-43788 | Transitive | Moderate | webpack | 5.0.0-alpha.0 - 5.93.0 |
+| CVE-2025-54798 | Transitive | Low | tmp | <=0.2.3 |
+
+  </template>
+
+<template #Angular__16>
+
+| CVE ID         | CVE Type | Severity |  Affected Library | Vulnerable Versions |
+| :------------: | :------: | :------: | :---------------: | :-----------------: |
+| CVE-2025-27789 | Transitive | Moderate | @babel/runtime | <7.26.10 |
+| GHSA-67mh-4wv8-2f99 | Transitive | Moderate | esbuild | <=0.24.2 |
+| CVE-2025-32997 | Transitive | Moderate | http-proxy-middleware | 1.3.0 - 2.0.8 |
+| CVE-2025-30360 | Transitive | Moderate | webpack-dev-server | <=5.2.0 |
+| CVE-2025-30359 | Transitive | Moderate | webpack-dev-server | <=5.2.0 |
+| CVE-2025-54798 | Transitive | Low | tmp | <=0.2.3 |
+
+  </template>
+
+<template #Angular__17>
+
+| CVE ID         | CVE Type | Severity |  Affected Library | Vulnerable Versions |
+| :------------: | :------: | :------: | :---------------: | :-----------------: |
+| GHSA-67mh-4wv8-2f99 | Transitive | Moderate | esbuild | <=0.24.2 |
+| CVE-2025-32997 | Transitive | Moderate | http-proxy-middleware | 1.3.0 - 2.0.8 |
+| CVE-2025-30360 | Transitive | Moderate | webpack-dev-server | <=5.2.0 |
+| CVE-2025-30359 | Transitive | Moderate | webpack-dev-server | <=5.2.0 |
+| CVE-2025-54798 | Transitive | Low | tmp | <=0.2.3 |
+
+  </template>
+
+</TableTabs>
+
+If you are interested in the TuxCare Endless Lifecycle Support, contact [sales@tuxcare.com](mailto:sales@tuxcare.com).
+
 <script setup>
 const Angular19WithSSR =
 `"dependencies": {
diff --git a/docs/els-for-runtimes-and-libraries/lodash/README.md b/docs/els-for-runtimes-and-libraries/lodash/README.md
@@ -156,3 +156,38 @@ If you have already installed a package with a `tuxcare.1` suffix and want to up
   ```
 
   </CodeWithCopy>
+
+## Resolved CVEs
+
+Fixes for the following vulnerabilities are available in ELS for Lodash from TuxCare versions:
+
+<TableTabs label="Choose Lodash version: " >
+
+  <template #Lodash__4.5.0>
+
+| CVE ID         | CVE Type | Severity |  Affected Libraries | Vulnerable Version |
+| :------------: | :------: |:--------:| :-----------------: |:------------------:|
+| CVE-2021-23337  | Direct   |   High   | Lodash             |      <4.17.20      |
+
+  </template>
+
+  <template #Lodash__4.17.15>
+
+| CVE ID         | CVE Type | Severity |  Affected Libraries | Vulnerable Version |
+| :------------: | :------: | :------: | :-----------------: | :----------------: |
+| CVE-2020-8203  | Direct   | High   | Lodash             | <4.17.20            |
+
+  </template>
+
+  <template #Lodash__4.17.19>
+
+| CVE ID         | CVE Type | Severity |  Affected Libraries | Vulnerable Version |
+| :------------: | :------: | :------: | :-----------------: |:------------------:|
+| CVE-2020-8203  | Direct   | High   | Lodash             |      <4.17.20      |
+
+  </template>
+
+</TableTabs>
+
+
+If you are interested in the TuxCare Endless Lifecycle Support, contact [sales@tuxcare.com](mailto:sales@tuxcare.com).
diff --git a/docs/els-for-runtimes-and-libraries/request/README.md b/docs/els-for-runtimes-and-libraries/request/README.md
@@ -142,3 +142,31 @@ If you have already installed a package with a `tuxcare.1` suffix and want to up
   ```
 
   </CodeWithCopy>
+
+## Resolved CVEs
+
+Fixes for the following vulnerabilities are available in ELS for Request from TuxCare versions:
+
+<TableTabs label="Choose Request version: " >
+
+<template #Request__2.88.0>
+
+| CVE ID         |  CVE Type  | Severity | Affected Libraries | Vulnerable Version |
+| :------------: |:----------:|:--------:|:------------------:|:------------------:|
+| CVE-2025-7783  | Transitive | Critical |     Form-Data      |      < 2.5.4      |
+| CVE-2023-28155  |   Direct   |  Medium  |      Request       |      <=2.88.1      |
+
+  </template>
+
+<template #Request__2.88.2>
+
+| CVE ID         | CVE Type | Severity | Affected Libraries | Vulnerable Version |
+| :------------: | :------: |:--------:|:------------------:| :----------------: |
+| CVE-2025-7783  | Transitive | Critical |     Form-Data      |      < 2.5.4      |
+
+  </template>
+
+</TableTabs>
+
+
+If you are interested in the TuxCare Endless Lifecycle Support, contact [sales@tuxcare.com](mailto:sales@tuxcare.com).
