From 1f2716d41636cfb2d83b29655ebbbe8afb39d8cd Mon Sep 17 00:00:00 2001 
From: ed382 <174873053+ed382@users.noreply.github.com>
Date: Thu, 7 Nov 2024 17:33:06 +0100
Subject: [PATCH] docs: update image inventory (#165)

* fix: add repos

* feat: add update date to the report

* fix: use force push

* docs: update image inventory

---------

Co-authored-by: ed382
---
 .github/workflows/update-image-inventory.yaml |   1 +
 .../inventory/generated/agent_images.md       |   2 +-
 .../bitnami-mongodb-7.0.12_linux_amd64.md     | 481 ++++++++---------
 .../bitnami-mongodb-7.0.12_linux_arm64.md     | 489 +++++++++---------
 .../articles/inventory/generated/cp_images.md |   7 +-
 .../generated/dex-v2.41.1_linux_amd64.md      |  10 +-
 .../generated/dex-v2.41.1_linux_arm64.md      |  77 ++-
 .../kube-rbac-proxy-v0.18.1_linux_amd64.md    |   6 +-
 .../kube-rbac-proxy-v0.18.1_linux_arm64.md    |   6 +-
 .../kube-webhook-certgen-0.0.4_linux_arm64.md |   2 +-
 .../generated/kubectl-v1.23.7_linux_arm64.md  |   2 +-
 ...minio-2024.8.3-debian-12-r1_linux_amd64.md | 325 +++++-------
 ...minio-2024.8.3-debian-12-r1_linux_arm64.md | 299 +++++------
 .../nats-2.10.22-alpine_linux_arm64.md        |   2 +-
 .../nats-2.10.9-alpine_linux_amd64.md         |  58 +--
 .../nats-2.10.9-alpine_linux_arm64.md         |  58 +--
 ...rver-config-reloader-0.14.1_linux_amd64.md | 100 ++--
 ...rver-config-reloader-0.14.1_linux_arm64.md | 168 ++++--
 ...rver-config-reloader-0.16.0_linux_arm64.md |  37 +-
 ...etheus-nats-exporter-0.15.0_linux_amd64.md | 413 ---------------
 ...etheus-nats-exporter-0.15.0_linux_arm64.md | 335 ------------
 .../testkube-api-server-2.1.56_linux_amd64.md |  22 +-
 .../testkube-api-server-2.1.56_linux_arm64.md |  70 ++-
 ...ube-enterprise-api-1.10.78_linux_amd64.md} |   6 +-
 ...ube-enterprise-api-1.10.78_linux_arm64.md} |   6 +-
 ...estkube-enterprise-ui-2.7.0_linux_amd64.md |  14 -
 ...estkube-enterprise-ui-2.7.0_linux_arm64.md |  14 -
 ...estkube-enterprise-ui-2.7.1_linux_amd64.md |  34 ++
 ...estkube-enterprise-ui-2.7.1_linux_arm64.md |  34 ++
 ...rise-worker-service-1.10.74_linux_amd64.md |   6 +-
 ...rise-worker-service-1.10.74_linux_arm64.md |   6 +-
.../testkube-tw-toolkit-2.1.56_linux_amd64.md | 22 +- .../testkube-tw-toolkit-2.1.56_linux_arm64.md | 22 +- scripts/cp_images.txt | 5 +- scripts/image.sh | 7 +- 35 files changed, 1299 insertions(+), 1847 deletions(-) delete mode 100644 docs/articles/inventory/generated/prometheus-nats-exporter-0.15.0_linux_amd64.md delete mode 100644 docs/articles/inventory/generated/prometheus-nats-exporter-0.15.0_linux_arm64.md rename docs/articles/inventory/generated/{testkube-enterprise-api-1.10.74_linux_amd64.md => testkube-enterprise-api-1.10.78_linux_amd64.md} (85%) rename docs/articles/inventory/generated/{testkube-enterprise-api-1.10.74_linux_arm64.md => testkube-enterprise-api-1.10.78_linux_arm64.md} (85%) delete mode 100644 docs/articles/inventory/generated/testkube-enterprise-ui-2.7.0_linux_amd64.md delete mode 100644 docs/articles/inventory/generated/testkube-enterprise-ui-2.7.0_linux_arm64.md create mode 100644 docs/articles/inventory/generated/testkube-enterprise-ui-2.7.1_linux_amd64.md create mode 100644 docs/articles/inventory/generated/testkube-enterprise-ui-2.7.1_linux_arm64.md diff --git a/.github/workflows/update-image-inventory.yaml b/.github/workflows/update-image-inventory.yaml index b162cda3..de558296 100644 --- a/.github/workflows/update-image-inventory.yaml +++ b/.github/workflows/update-image-inventory.yaml @@ -41,3 +41,4 @@ jobs: commit_message: "docs: upate image inventory" branch: update-image-inventory create_branch: true + push_options: '--force' diff --git a/docs/articles/inventory/generated/agent_images.md b/docs/articles/inventory/generated/agent_images.md index 7fad0078..f44508da 100644 --- a/docs/articles/inventory/generated/agent_images.md +++ b/docs/articles/inventory/generated/agent_images.md @@ -1,6 +1,6 @@ :::info -Based on chart `testkube` as of version `2.1.75` +Based on chart `testkube` as of version `2.1.75` on 07-11-2024 ::: 
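Review bot: `push_options: '--force'` in the `.github/workflows/update-image-inventory.yaml` hunk makes the commit step overwrite the remote `update-image-inventory` branch unconditionally, so any commit a person pushed there in the meantime (a manual correction on the open PR, for instance) is discarded without any error; state next to the option that the branch is bot-owned and disposable, or, if the workflow fetches that branch before committing, use `--force-with-lease` so a push that would clobber unexpected history is rejected instead. The context line `commit_message: "docs: upate image inventory"` also misspells "update", and that string becomes the subject of every commit the workflow produces; fixing it here is cheaper than amending each generated commit afterwards.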
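Review bot: the date appended in the `agent_images.md` hunk, `on 07-11-2024`, is ambiguous between 7 November and 11 July and does not sort as text; have the generator emit ISO 8601 (`2024-11-07`). The wording should also say what the date stamps: the counts in these reports depend on the scanner's vulnerability database at least as much as on the chart version, so `scanned on 2024-11-07` tells the reader more than a bare date after `version 2.1.75`.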
diff --git a/docs/articles/inventory/generated/bitnami-mongodb-7.0.12_linux_amd64.md b/docs/articles/inventory/generated/bitnami-mongodb-7.0.12_linux_amd64.md index 64bb5205..8cc40f17 100644 --- a/docs/articles/inventory/generated/bitnami-mongodb-7.0.12_linux_amd64.md +++ b/docs/articles/inventory/generated/bitnami-mongodb-7.0.12_linux_amd64.md @@ -3,7 +3,7 @@ hide_table_of_contents: true --- - +
digestsha256:43aa0e5c2e3eff47a9d82ab89e3d0bdde515b9b64628d328a18342e1facba8aa
vulnerabilitiescritical: 0 high: 10 medium: 11 low: 16 unspecified: 2
digestsha256:43aa0e5c2e3eff47a9d82ab89e3d0bdde515b9b64628d328a18342e1facba8aa
vulnerabilitiescritical: 0 high: 10 medium: 13 low: 17
size211 MB
packages680
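Review bot: in the `@@ -3,7 +3,7 @@` hunk the digest is identical on both sides (`sha256:43aa0e5c…`) while the totals move from `medium: 11 low: 16 unspecified: 2` to `medium: 13 low: 17`, so this is a rescan of the same image against a newer vulnerability database, not a new build; the stdlib hunks that follow show one of the reclassifications, CVE-2024-34155 going from `unspecified` to `medium`. Put the scan date in this summary block next to the digest: without it a reader cannot tell a rescan from a rebuilt image, and the unchanged `size` and `packages` lines are the only hint.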
@@ -12,7 +12,7 @@ hide_table_of_contents: true
-
critical: 0 high: 3 medium: 0 low: 0 unspecified: 1stdlib 1.21.12 (golang) +
critical: 0 high: 3 medium: 1 low: 0 stdlib 1.21.12 (golang) pkg:golang/stdlib@1.21.12
high : CVE--2024--34158 @@ -66,7 +66,7 @@ Calling Decoder.Decode on a message which contains deeply nested structures can
-unspecified : CVE--2024--34155 +medium : CVE--2024--34155 @@ -85,7 +85,7 @@ Calling any of the Parse functions on Go source code which contains deeply neste
Affected range<1.22.7
-
critical: 0 high: 3 medium: 0 low: 0 unspecified: 1stdlib 1.22.5 (golang) +
critical: 0 high: 3 medium: 1 low: 0 stdlib 1.22.5 (golang) pkg:golang/stdlib@1.22.5
high : CVE--2024--34158 @@ -139,7 +139,7 @@ Calling Decoder.Decode on a message which contains deeply nested structures can
-unspecified : CVE--2024--34155 +medium : CVE--2024--34155 @@ -158,24 +158,60 @@ Calling any of the Parse functions on Go source code which contains deeply neste + +
Affected range<1.22.7
-
critical: 0 high: 1 medium: 0 low: 0 dset 3.1.3 (npm) +
critical: 0 high: 1 medium: 0 low: 0 path-to-regexp 1.8.0 (npm) -pkg:npm/dset@3.1.3
-high 8.2: CVE--2024--21529 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') +pkg:npm/path-to-regexp@1.8.0
+high 7.5: CVE--2024--45296 Inefficient Regular Expression Complexity - - - - + + + + - +
Affected range<3.1.4
Fixed version3.1.4
CVSS Score8.2
CVSS VectorCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
Affected range>=0.2.0
<1.9.0
Fixed version1.9.0
CVSS Score7.5
CVSS VectorCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
EPSS Score0.04%
EPSS Percentile10th percentile
EPSS Percentile17th percentile
Description
-Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program. +### Impact + +A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (`.`). For example, `/:a-:b`. + +### Patches + +For users of 0.1, upgrade to `0.1.10`. All other users should upgrade to `8.0.0`. + +These versions add backtrack protection when a custom regex pattern is not provided: + +- [0.1.10](https://github.com/pillarjs/path-to-regexp/releases/tag/v0.1.10) +- [1.9.0](https://github.com/pillarjs/path-to-regexp/releases/tag/v1.9.0) +- [3.3.0](https://github.com/pillarjs/path-to-regexp/releases/tag/v3.3.0) +- [6.3.0](https://github.com/pillarjs/path-to-regexp/releases/tag/v6.3.0) + +They do not protect against vulnerable user supplied capture groups. Protecting against explicit user patterns is out of scope for old versions and not considered a vulnerability. + +Version [7.1.0](https://github.com/pillarjs/path-to-regexp/releases/tag/v7.1.0) can enable `strict: true` and get an error when the regular expression might be bad. + +Version [8.0.0](https://github.com/pillarjs/path-to-regexp/releases/tag/v8.0.0) removes the features that can cause a ReDoS. + +### Workarounds + +All versions can be patched by providing a custom regular expression for parameters after the first in a single segment. As long as the custom regular expression does not match the text before the parameter, you will be safe. For example, change `/:a-:b` to `/:a-:b([^-/]+)`. + +If paths cannot be rewritten and versions cannot be upgraded, another alternative is to limit the URL length. For example, halving the attack string improves performance by 4x faster. 
+ +### Details + +Using `/:a-:b` will produce the regular expression `/^\/([^\/]+?)-([^\/]+?)\/?$/`. This can be exploited by a path such as `/a${'-a'.repeat(8_000)}/a`. [OWASP](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS) has a good example of why this occurs, but the TL;DR is the `/a` at the end ensures this route would never match but due to naive backtracking it will still attempt every combination of the `:a-:b` on the repeated 8,000 `-a`. + +Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and can lead to a DoS. In local benchmarks, exploiting the unsafe regex will result in performance that is over 1000x worse than the safe regex. In a more realistic environment using Express v4 and 10 concurrent connections, this translated to average latency of ~600ms vs 1ms. + +### References + +* [OWASP](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS) +* [Detailed blog post](https://blakeembrey.com/posts/2024-09-web-redos/)
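Review bot: the `@@ -158,24 +158,60 @@` hunk neither adds nor removes a finding; it swaps the positions of `dset 3.1.3` (CVE-2024-21529) and `path-to-regexp 1.8.0` (CVE-2024-45296), and the `@@ -275,60 +311,24 @@` hunk that follows swaps them back, with the same thing happening to `gcc-12`, `curl`, `express` and `send` further down. A large share of the 481 changed lines in this file is relocation noise that hides the real changes. Sort entries deterministically in the generator (severity counts, then package name, then CVE id) so the next inventory diff shows only findings that appeared, disappeared or changed severity.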
@@ -275,60 +311,24 @@ Because JavaScript is single threaded and regex matching runs on the main thread
-
critical: 0 high: 1 medium: 0 low: 0 path-to-regexp 1.8.0 (npm) +
critical: 0 high: 1 medium: 0 low: 0 dset 3.1.3 (npm) -pkg:npm/path-to-regexp@1.8.0
-high 7.5: CVE--2024--45296 Inefficient Regular Expression Complexity +pkg:npm/dset@3.1.3
+high 8.2: CVE--2024--21529 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') - - - - + + + + - +
Affected range>=0.2.0
<1.9.0
Fixed version1.9.0
CVSS Score7.5
CVSS VectorCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
Affected range<3.1.4
Fixed version3.1.4
CVSS Score8.2
CVSS VectorCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
EPSS Score0.04%
EPSS Percentile17th percentile
EPSS Percentile10th percentile
Description
-### Impact - -A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (`.`). For example, `/:a-:b`. - -### Patches - -For users of 0.1, upgrade to `0.1.10`. All other users should upgrade to `8.0.0`. - -These versions add backtrack protection when a custom regex pattern is not provided: - -- [0.1.10](https://github.com/pillarjs/path-to-regexp/releases/tag/v0.1.10) -- [1.9.0](https://github.com/pillarjs/path-to-regexp/releases/tag/v1.9.0) -- [3.3.0](https://github.com/pillarjs/path-to-regexp/releases/tag/v3.3.0) -- [6.3.0](https://github.com/pillarjs/path-to-regexp/releases/tag/v6.3.0) - -They do not protect against vulnerable user supplied capture groups. Protecting against explicit user patterns is out of scope for old versions and not considered a vulnerability. - -Version [7.1.0](https://github.com/pillarjs/path-to-regexp/releases/tag/v7.1.0) can enable `strict: true` and get an error when the regular expression might be bad. - -Version [8.0.0](https://github.com/pillarjs/path-to-regexp/releases/tag/v8.0.0) removes the features that can cause a ReDoS. - -### Workarounds - -All versions can be patched by providing a custom regular expression for parameters after the first in a single segment. As long as the custom regular expression does not match the text before the parameter, you will be safe. For example, change `/:a-:b` to `/:a-:b([^-/]+)`. - -If paths cannot be rewritten and versions cannot be upgraded, another alternative is to limit the URL length. For example, halving the attack string improves performance by 4x faster. - -### Details - -Using `/:a-:b` will produce the regular expression `/^\/([^\/]+?)-([^\/]+?)\/?$/`. This can be exploited by a path such as `/a${'-a'.repeat(8_000)}/a`. 
[OWASP](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS) has a good example of why this occurs, but the TL;DR is the `/a` at the end ensures this route would never match but due to naive backtracking it will still attempt every combination of the `:a-:b` on the repeated 8,000 `-a`. - -Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and can lead to a DoS. In local benchmarks, exploiting the unsafe regex will result in performance that is over 1000x worse than the safe regex. In a more realistic environment using Express v4 and 10 concurrent connections, this translated to average latency of ~600ms vs 1ms. - -### References - -* [OWASP](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS) -* [Detailed blog post](https://blakeembrey.com/posts/2024-09-web-redos/) +Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program.
@@ -428,6 +428,49 @@ Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rm
+
critical: 0 high: 0 medium: 1 low: 1 gcc-12 12.3.0-1ubuntu1~22.04 (deb) + +pkg:deb/ubuntu/gcc-12@12.3.0-1ubuntu1~22.04?os_distro=jammy&os_name=ubuntu&os_version=22.04
+medium 4.8: CVE--2023--4039 + + + + + + + + +
Affected range>=0
Fixed versionNot Fixed
CVSS Score4.8
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score0.06%
EPSS Percentile26th percentile
+ +
Description +
+ +**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. + +
+
+ +low 5.5: CVE--2022--27943 + + + + + + + + +
Affected range>=0
Fixed versionNot Fixed
CVSS Score5.5
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score0.09%
EPSS Percentile39th percentile
+ +
Description +
+ +libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. + +
+
+
critical: 0 high: 0 medium: 1 low: 1 openssl 3.0.2-0ubuntu1.17 (deb) @@ -468,43 +511,37 @@ Validating the order of the public keys in the Diffie-Hellman Key Agreement Prot
-
critical: 0 high: 0 medium: 1 low: 1 gcc-12 12.3.0-1ubuntu1~22.04 (deb) +
critical: 0 high: 0 medium: 1 low: 1 curl 7.81.0-1ubuntu1.17 (deb) -pkg:deb/ubuntu/gcc-12@12.3.0-1ubuntu1~22.04?os_distro=jammy&os_name=ubuntu&os_version=22.04
-medium 4.8: CVE--2023--4039 +pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.17?os_distro=jammy&os_name=ubuntu&os_version=22.04
+medium : CVE--2024--8096 - - - - - - + + + +
Affected range>=0
Fixed versionNot Fixed
CVSS Score4.8
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score0.06%
EPSS Percentile26th percentile
Affected range<7.81.0-1ubuntu1.18
Fixed version7.81.0-1ubuntu1.18
EPSS Score0.04%
EPSS Percentile17th percentile
Description
-**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. +When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.
-low 5.5: CVE--2022--27943 +low : CVE--2024--9681 - - - -
Affected range>=0
Fixed versionNot Fixed
CVSS Score5.5
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score0.09%
EPSS Percentile39th percentile
Description
-libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. +HSTS subdomain overwrites parent cache entry
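Review bot: the substantive change in the `@@ -468,43 +511,37 @@` hunk is easy to miss behind the gcc-12 relocation: `curl 7.81.0-1ubuntu1.17` now lists CVE-2024-9681 (`low`, "HSTS subdomain overwrites parent cache entry") in addition to CVE-2024-8096 (OCSP stapling accepting a status other than `revoked` as a good certificate), and CVE-2024-8096 carries `Fixed version 7.81.0-1ubuntu1.18`. A fix that is one package upgrade away is the most actionable item in this update, so the report should mark entries that have a `Fixed version` as actionable rather than listing them beside `Not Fixed` ones. Two things to check in the generator: both curl entries show EPSS but no CVSS score, so a severity gate keyed on CVSS would not count them; and the gcc-12 findings shuffled here (CVE-2023-4039, marked `DISPUTED`, and CVE-2022-27943, both `Affected range >=0` / `Fixed version Not Fixed`) will reappear in every future report unless the inventory can record an accepted-risk justification, which also raises the question whether a mongodb runtime image needs gcc-12 at all.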
@@ -555,14 +592,14 @@ successful exploitation of this vector requires the following:
-
critical: 0 high: 0 medium: 1 low: 0 express 4.19.2 (npm) +
critical: 0 high: 0 medium: 1 low: 0 send 0.18.0 (npm) -pkg:npm/express@4.19.2
-medium 5.0: CVE--2024--43796 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') +pkg:npm/send@0.18.0
+medium 5.0: CVE--2024--43799 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - - + + @@ -574,11 +611,11 @@ successful exploitation of this vector requires the following: ### Impact -In express <4.20.0, passing untrusted user input - even after sanitizing it - to `response.redirect()` may execute untrusted code +passing untrusted user input - even after sanitizing it - to `SendStream.redirect()` may execute untrusted code ### Patches -this issue is patched in express 4.20.0 +this issue is patched in send 0.19.0 ### Workarounds @@ -599,22 +636,44 @@ successful exploitation of this vector requires the following: - - @@ -890,24 +905,76 @@ ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_term
Affected range<4.20.0
Fixed version4.20.0
Affected range<0.19.0
Fixed version0.19.0
CVSS Score5
CVSS VectorCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
EPSS Score0.05%
-
critical: 0 high: 0 medium: 1 low: 0 curl 7.81.0-1ubuntu1.17 (deb) +
critical: 0 high: 0 medium: 1 low: 0 express 4.19.2 (npm) -pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.17?os_distro=jammy&os_name=ubuntu&os_version=22.04
-medium : CVE--2024--8096 +pkg:npm/express@4.19.2
+medium 5.0: CVE--2024--43796 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - - - - + + + + + +
Affected range<7.81.0-1ubuntu1.18
Fixed version7.81.0-1ubuntu1.18
EPSS Score0.04%
EPSS Percentile17th percentile
Affected range<4.20.0
Fixed version4.20.0
CVSS Score5
CVSS VectorCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
EPSS Score0.05%
EPSS Percentile18th percentile
Description
-When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate. +### Impact + +In express <4.20.0, passing untrusted user input - even after sanitizing it - to `response.redirect()` may execute untrusted code + +### Patches + +this issue is patched in express 4.20.0 + +### Workarounds + +users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any untrusted inputs are safe, ideally by validating them against an explicit allowlist + +### Details + +successful exploitation of this vector requires the following: + +1. The attacker MUST control the input to response.redirect() +1. express MUST NOT redirect before the template appears +1. the browser MUST NOT complete redirection before: +1. the user MUST click on the link in the template +
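Review bot: the `express 4.19.2` (CVE-2024-43796, `Fixed version 4.20.0`) and `send 0.18.0` (CVE-2024-43799, `Fixed version 0.19.0`) entries that trade places in these hunks are unchanged in content, but they describe the same class of bug (untrusted input reaching a `redirect()` call) with fixes published, and the send advisory text itself tells users to upgrade express; treat the two as one remediation item and surface the `Fixed version` column in the summary so such pairs stand out from the `Not Fixed` entries.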
@@ -800,50 +859,6 @@ A possible patch to this vulnerability could refer to the Google Closure project Please note that if we do not receive a response from the development team within three months, we will disclose this vulnerability to the CVE agent. - -
-
-
critical: 0 high: 0 medium: 1 low: 0 send 0.18.0 (npm) - -pkg:npm/send@0.18.0
-medium 5.0: CVE--2024--43799 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - - - - - - - - -
Affected range<0.19.0
Fixed version0.19.0
CVSS Score5
CVSS VectorCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
EPSS Score0.05%
EPSS Percentile18th percentile
- -
Description -
- -### Impact - -passing untrusted user input - even after sanitizing it - to `SendStream.redirect()` may execute untrusted code - -### Patches - -this issue is patched in send 0.19.0 - -### Workarounds - -users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any untrusted inputs are safe, ideally by validating them against an explicit allowlist - -### Details - -successful exploitation of this vector requires the following: - -1. The attacker MUST control the input to response.redirect() -1. express MUST NOT redirect before the template appears -1. the browser MUST NOT complete redirection before: -1. the user MUST click on the link in the template - -
-
critical: 0 high: 0 medium: 0 low: 1 glibc 2.35-0ubuntu3.8 (deb) +
critical: 0 high: 0 medium: 0 low: 1 cookie 0.6.0 (npm) -pkg:deb/ubuntu/glibc@2.35-0ubuntu3.8?os_distro=jammy&os_name=ubuntu&os_version=22.04
-low 7.5: CVE--2016--20013 +pkg:npm/cookie@0.6.0
+low : CVE--2024--47764 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') - - - - - - + + + +
Affected range>=0
Fixed versionNot Fixed
CVSS Score7.5
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score0.18%
EPSS Percentile56th percentile
Affected range<0.7.0
Fixed version0.7.0
EPSS Score0.04%
EPSS Percentile17th percentile
Description
-sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password. +### Impact + +The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, `serialize("userName=; Max-Age=2592000; a", value)` would result in `"userName=; Max-Age=2592000; a=test"`, setting `userName` cookie to `; Max-Age=2592000; a", value)` would result in `"userName=; Max-Age=2592000; a=test"`, setting `userName` cookie to `; Max-Age=2592000; a", value)` would result in `"userName=; Max-Age=2592000; a=test"`, setting `userName` cookie to `; Max-Age=2592000; a", value)` would result in `"userName=; Max-Age=2592000; a=test"`, setting `userName` cookie to `; Max-Age=2592000; a", value)` would result in `"userName=; Max-Age=2592000; a=test"`, setting `userName` cookie to `; Max-Age=2592000; a", value)` would result in `"userName=; Max-Age=2592000; a=test"`, setting `userName` cookie to `
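Review bot: `cookie 0.6.0` (CVE-2024-47764, `Fixed version 0.7.0`) is a genuinely new finding in this hunk, while the `glibc 2.35-0ubuntu3.8` entry for CVE-2016-20013 that occupied this position is removed; the image digest is unchanged, so glibc is still present, and the entry must have moved elsewhere in the file rather than been dropped, which is worth confirming before merge because a silently vanished `Not Fixed` finding is the failure mode this inventory exists to prevent. The cookie issue is injection through the cookie name into the other attributes of the `Set-Cookie` value, a fix is available, so it joins curl as an actionable rebuild item.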