mixellent / dvpwa Goto Github PK

Vulnerable Library - PyYAML-3.13.tar.gz

YAML parser and emitter for Python

Library home page: https://files.pythonhosted.org/packages/9e/a3/1d13970c3f36777c583f136c136f804d70f500168edc1edea6daa7200769/PyYAML-3.13.tar.gz

Path to dependency file: dvpwa/requirements.txt

Path to vulnerable library: dvpwa/requirements.txt

Dependency Hierarchy:

• trafaret-config-2.0.2.tar.gz (Root Library)
  • ❌ PyYAML-3.13.tar.gz (Vulnerable Library)

Found in HEAD commit: 5dc2a1a93b682867b37b84c45c650a6da8127ed4

Found in base branch: master

Vulnerability Details

A vulnerability was discovered in the PyYAML library in all versions, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. .load() defaults to using FullLoader and FullLoader is still vulnerable to RCE when run on untrusted input. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.
The fix for CVE-2020-1747 was not enough to fix this issue.

Publish Date: 2020-07-21

URL: CVE-2020-14343

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Vulnerable Library - PyYAML-3.13.tar.gz

YAML parser and emitter for Python

Library home page: https://files.pythonhosted.org/packages/9e/a3/1d13970c3f36777c583f136c136f804d70f500168edc1edea6daa7200769/PyYAML-3.13.tar.gz

Path to dependency file: dvpwa/requirements.txt

Path to vulnerable library: dvpwa/requirements.txt

Dependency Hierarchy:

• trafaret-config-2.0.2.tar.gz (Root Library)
  • ❌ PyYAML-3.13.tar.gz (Vulnerable Library)

Found in HEAD commit: 5dc2a1a93b682867b37b84c45c650a6da8127ed4

Found in base branch: master

Vulnerability Details

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.

Publish Date: 2020-03-24

URL: CVE-2020-1747

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747

Release Date: 2020-03-24

Fix Resolution: 5.3.1

Vulnerable Library - jquery-3.2.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js

Path to vulnerable library: dvpwa/sqli/static/js/jquery-3.2.1.min.js

Dependency Hierarchy:

• ❌ jquery-3.2.1.min.js (Vulnerable Library)

Found in HEAD commit: 5dc2a1a93b682867b37b84c45c650a6da8127ed4

Found in base branch: master

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

Vulnerable Library - jquery-3.2.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js

Path to vulnerable library: dvpwa/sqli/static/js/jquery-3.2.1.min.js

Dependency Hierarchy:

• ❌ jquery-3.2.1.min.js (Vulnerable Library)

Found in HEAD commit: 5dc2a1a93b682867b37b84c45c650a6da8127ed4

Found in base branch: master

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0

Vulnerable Library - Jinja2-2.10-py2.py3-none-any.whl

A very fast and expressive template engine.

Library home page: https://files.pythonhosted.org/packages/7f/ff/ae64bacdfc95f27a016a7bed8e8686763ba4d277a78ca76f32659220a731/Jinja2-2.10-py2.py3-none-any.whl

Path to dependency file: dvpwa/requirements.txt

Path to vulnerable library: dvpwa/requirements.txt

Dependency Hierarchy:

• ❌ Jinja2-2.10-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 5dc2a1a93b682867b37b84c45c650a6da8127ed4

Found in base branch: master

Vulnerability Details

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

Publish Date: 2019-04-07

URL: CVE-2019-10906

CVSS 3 Score Details (8.6)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10906

Release Date: 2019-04-07

Fix Resolution: 2.10.1

Vulnerable Library - PyYAML-3.13.tar.gz

YAML parser and emitter for Python

Library home page: https://files.pythonhosted.org/packages/9e/a3/1d13970c3f36777c583f136c136f804d70f500168edc1edea6daa7200769/PyYAML-3.13.tar.gz

Path to dependency file: dvpwa/requirements.txt

Path to vulnerable library: dvpwa/requirements.txt

Dependency Hierarchy:

• trafaret-config-2.0.2.tar.gz (Root Library)
  • ❌ PyYAML-3.13.tar.gz (Vulnerable Library)

Found in HEAD commit: 5dc2a1a93b682867b37b84c45c650a6da8127ed4

Found in base branch: master

Vulnerability Details

In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.

Publish Date: 2018-06-27

URL: CVE-2017-18342

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-18342

Release Date: 2018-06-27

Fix Resolution: PyYAML - 5.1

Vulnerable Library - jquery-3.2.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js

Path to vulnerable library: dvpwa/sqli/static/js/jquery-3.2.1.min.js

Dependency Hierarchy:

• ❌ jquery-3.2.1.min.js (Vulnerable Library)

Found in HEAD commit: 5dc2a1a93b682867b37b84c45c650a6da8127ed4

Found in base branch: master

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: 3.4.0