
Commit 59e15a1

Preparing for v4.3.1 release.
1 parent b29dafb commit 59e15a1


3 files changed

+1026
-892
lines changed


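--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@salesforce/sfdx-scanner",
 "description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
-"version": "4.3.0",
+"version": "4.3.1",
 "author": "Salesforce Code Analyzer Team",
 "bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
 "dependencies": {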

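--- a/retire-js/RetireJsVulns.json
+++ b/retire-js/RetireJsVulns.json
@@ -1531,6 +1531,59 @@
 "https://tiny.cloud/docs/tinymce/6/6.7.3-release-notes/"
 ]
 },
+{
+"atOrAbove": "0",
+"below": "5.11.0",
+"cwe": [
+"CWE-79"
+],
+"severity": "medium",
+"identifiers": {
+"summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option",
+"CVE": [
+"CVE-2024-38356"
+],
+"githubID": "GHSA-9hcv-j9pv-qmph"
+},
+"info": [
+"https://github.com/advisories/GHSA-9hcv-j9pv-qmph",
+"https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph",
+"https://nvd.nist.gov/vuln/detail/CVE-2024-38356",
+"https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d",
+"https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0",
+"https://github.com/tinymce/tinymce",
+"https://owasp.org/www-community/attacks/xss",
+"https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview",
+"https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview",
+"https://www.tiny.cloud/docs/tinymce/latest/7.2-release-notes/#overview"
+]
+},
+{
+"atOrAbove": "0",
+"below": "5.11.0",
+"cwe": [
+"CWE-79"
+],
+"severity": "medium",
+"identifiers": {
+"summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements",
+"CVE": [
+"CVE-2024-38357"
+],
+"githubID": "GHSA-w9jx-4g6g-rp7x"
+},
+"info": [
+"https://github.com/advisories/GHSA-w9jx-4g6g-rp7x",
+"https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x",
+"https://nvd.nist.gov/vuln/detail/CVE-2024-38357",
+"https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d",
+"https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0",
+"https://github.com/tinymce/tinymce",
+"https://owasp.org/www-community/attacks/xss",
+"https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview",
+"https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview"
+]
+},
 {
 "atOrAbove": "6.0.0",
 "below": "6.3.1",
@@ -1638,6 +1691,59 @@
 "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true"
 ]
 },
+{
+"atOrAbove": "6.0.0",
+"below": "6.8.4",
+"cwe": [
+"CWE-79"
+],
+"severity": "medium",
+"identifiers": {
+"summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option",
+"CVE": [
+"CVE-2024-38356"
+],
+"githubID": "GHSA-9hcv-j9pv-qmph"
+},
+"info": [
+"https://github.com/advisories/GHSA-9hcv-j9pv-qmph",
+"https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph",
+"https://nvd.nist.gov/vuln/detail/CVE-2024-38356",
+"https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d",
+"https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0",
+"https://github.com/tinymce/tinymce",
+"https://owasp.org/www-community/attacks/xss",
+"https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview",
+"https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview",
+"https://www.tiny.cloud/docs/tinymce/latest/7.2-release-notes/#overview"
+]
+},
+{
+"atOrAbove": "6.0.0",
+"below": "6.8.4",
+"cwe": [
+"CWE-79"
+],
+"severity": "medium",
+"identifiers": {
+"summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements",
+"CVE": [
+"CVE-2024-38357"
+],
+"githubID": "GHSA-w9jx-4g6g-rp7x"
+},
+"info": [
+"https://github.com/advisories/GHSA-w9jx-4g6g-rp7x",
+"https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x",
+"https://nvd.nist.gov/vuln/detail/CVE-2024-38357",
+"https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d",
+"https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0",
+"https://github.com/tinymce/tinymce",
+"https://owasp.org/www-community/attacks/xss",
+"https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview",
+"https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview"
+]
+},
 {
 "atOrAbove": "0",
 "below": "7.0.0",
@@ -1661,6 +1767,59 @@
 "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types",
 "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true"
 ]
+},
+{
+"atOrAbove": "7.0.0",
+"below": "7.2.0",
+"cwe": [
+"CWE-79"
+],
+"severity": "medium",
+"identifiers": {
+"summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option",
+"CVE": [
+"CVE-2024-38356"
+],
+"githubID": "GHSA-9hcv-j9pv-qmph"
+},
+"info": [
+"https://github.com/advisories/GHSA-9hcv-j9pv-qmph",
+"https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph",
+"https://nvd.nist.gov/vuln/detail/CVE-2024-38356",
+"https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d",
+"https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0",
+"https://github.com/tinymce/tinymce",
+"https://owasp.org/www-community/attacks/xss",
+"https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview",
+"https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview",
+"https://www.tiny.cloud/docs/tinymce/latest/7.2-release-notes/#overview"
+]
+},
+{
+"atOrAbove": "7.0.0",
+"below": "7.2.0",
+"cwe": [
+"CWE-79"
+],
+"severity": "medium",
+"identifiers": {
+"summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements",
+"CVE": [
+"CVE-2024-38357"
+],
+"githubID": "GHSA-w9jx-4g6g-rp7x"
+},
+"info": [
+"https://github.com/advisories/GHSA-w9jx-4g6g-rp7x",
+"https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x",
+"https://nvd.nist.gov/vuln/detail/CVE-2024-38357",
+"https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d",
+"https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0",
+"https://github.com/tinymce/tinymce",
+"https://owasp.org/www-community/attacks/xss",
+"https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview",
+"https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview"
+]
 }
 ],
 "extractors": {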
