{
"vulnerabilities" : [
{
"category" : "dependency_scanning" ,
"name" : "Vulnerability for remediation testing 1" ,
"message" : "This vulnerability should have ONE remediation" ,
"description" : "" ,
"cve" : "CVE-2137" ,
"severity" : "High" ,
"solution" : "Upgrade to latest version." ,
"scanner" : {
"id" : "gemnasium" ,
"name" : "Gemnasium"
} ,
"location" : {
"file" : "some/kind/of/file.c" ,
"dependency" : {
"package" : {
"name" : "io.netty/netty"
} ,
"version" : "3.9.1.Final"
}
} ,
"identifiers" : [
{
"type" : "GitLab" ,
"name" : "Foo vulnerability" ,
"value" : "foo"
}
] ,
"links" : [
{
"url" : "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2137"
}
] ,
"details" : {
"commit" : {
"name" : "the commit" ,
"description" : "description" ,
"type" : "commit" ,
"value" : "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19"
}
}
} ,
{
"category" : "dependency_scanning" ,
"name" : "Vulnerability for remediation testing 2" ,
"message" : "This vulnerability should have ONE remediation" ,
"description" : "" ,
"cve" : "CVE-2138" ,
"severity" : "High" ,
"solution" : "Upgrade to latest version." ,
"scanner" : {
"id" : "gemnasium" ,
"name" : "Gemnasium"
} ,
"location" : {
"file" : "some/kind/of/file.c" ,
"dependency" : {
"package" : {
"name" : "io.netty/netty"
} ,
"version" : "3.9.1.Final"
}
} ,
"identifiers" : [
{
"type" : "GitLab" ,
"name" : "Foo vulnerability" ,
"value" : "foo"
}
] ,
"links" : [
{
"url" : "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2138"
}
] ,
"details" : {
"commit" : {
"name" : "the commit" ,
"description" : "description" ,
"type" : "commit" ,
"value" : "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19"
}
}
} ,
{
"category" : "dependency_scanning" ,
"name" : "Vulnerability for remediation testing 3" ,
"message" : "Remediation for this vulnerability should remediate CVE-2140 as well" ,
"description" : "" ,
"cve" : "CVE-2139" ,
"severity" : "High" ,
"solution" : "Upgrade to latest version." ,
"scanner" : {
"id" : "gemnasium" ,
"name" : "Gemnasium"
} ,
"location" : {
"file" : "some/kind/of/file.c" ,
"dependency" : {
"package" : {
"name" : "io.netty/netty"
} ,
"version" : "3.9.1.Final"
}
} ,
"identifiers" : [
{
"type" : "GitLab" ,
"name" : "Foo vulnerability" ,
"value" : "foo"
}
] ,
"links" : [
{
"url" : "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2139"
}
] ,
"details" : {
"commit" : {
"name" : "the commit" ,
"description" : "description" ,
"type" : "commit" ,
"value" : "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19"
}
}
} ,
{
"category" : "dependency_scanning" ,
"name" : "Vulnerability for remediation testing 4" ,
"message" : "Remediation for this vulnerability should remediate CVE-2139 as well" ,
"description" : "" ,
"cve" : "CVE-2140" ,
"severity" : "High" ,
"solution" : "Upgrade to latest version." ,
"scanner" : {
"id" : "gemnasium" ,
"name" : "Gemnasium"
} ,
"location" : {
"file" : "some/kind/of/file.c" ,
"dependency" : {
"package" : {
"name" : "io.netty/netty"
} ,
"version" : "3.9.1.Final"
}
} ,
"identifiers" : [
{
"type" : "GitLab" ,
"name" : "Foo vulnerability" ,
"value" : "foo"
}
] ,
"links" : [
{
"url" : "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2140"
}
] ,
"details" : {
"commit" : {
"name" : "the commit" ,
"description" : "description" ,
"type" : "commit" ,
"value" : "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19"
}
}
} ,
{
"category" : "dependency_scanning" ,
"name" : "Vulnerabilities in libxml2" ,
"message" : "Vulnerabilities in libxml2 in nokogiri" ,
"description" : "" ,
"cve" : "CVE-1020" ,
"severity" : "High" ,
"solution" : "Upgrade to latest version." ,
"scanner" : {
"id" : "gemnasium" ,
"name" : "Gemnasium"
} ,
"evidence" : {
"source" : {
"id" : "assert:CORS - Bad 'Origin' value" ,
"name" : "CORS - Bad 'Origin' value"
} ,
"summary" : "The Origin header was changed to an invalid value of http://peachapisecurity.com and the response contained an Access-Control-Allow-Origin header which included this invalid Origin, indicating that the CORS configuration on the server is overly permissive.\n\n\n" ,
"request" : {
"headers" : [
{
"name" : "Host" ,
"value" : "127.0.0.1:7777"
}
] ,
"method" : "GET" ,
"url" : "http://127.0.0.1:7777/api/users" ,
"body" : ""
} ,
"response" : {
"headers" : [
{
"name" : "Server" ,
"value" : "TwistedWeb/20.3.0"
}
] ,
"reason_phrase" : "OK" ,
"status_code" : 200 ,
"body" : "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]"
} ,
"supporting_messages" : [
{
"name" : "Origional" ,
"request" : {
"headers" : [
{
"name" : "Host" ,
"value" : "127.0.0.1:7777"
}
] ,
"method" : "GET" ,
"url" : "http://127.0.0.1:7777/api/users" ,
"body" : ""
}
} ,
{
"name" : "Recorded" ,
"request" : {
"headers" : [
{
"name" : "Host" ,
"value" : "127.0.0.1:7777"
}
] ,
"method" : "GET" ,
"url" : "http://127.0.0.1:7777/api/users" ,
"body" : ""
} ,
"response" : {
"headers" : [
{
"name" : "Server" ,
"value" : "TwistedWeb/20.3.0"
}
] ,
"reason_phrase" : "OK" ,
"status_code" : 200 ,
"body" : "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]"
}
}
]
} ,
"location" : {
"file" : "some/kind/of/file.c" ,
"dependency" : {
"package" : {
"name" : "io.netty/netty"
} ,
"version" : "3.9.1.Final"
}
} ,
"identifiers" : [
{
"type" : "GitLab" ,
"name" : "Foo vulnerability" ,
"value" : "foo"
}
] ,
"links" : [
{
"url" : "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1020"
}
] ,
"details" : {
"commit" : {
"name" : "the commit" ,
"description" : "description" ,
"type" : "commit" ,
"value" : "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19"
}
}
} ,
{
"id" : "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3" ,
"category" : "dependency_scanning" ,
"name" : "Regular Expression Denial of Service" ,
"message" : "Regular Expression Denial of Service in debug" ,
"description" : "" ,
"cve" : "CVE-1030" ,
"severity" : "Unknown" ,
"solution" : "Upgrade to latest versions." ,
"scanner" : {
"id" : "gemnasium" ,
"name" : "Gemnasium"
} ,
"evidence" : {
"source" : {
"id" : "assert:CORS - Bad 'Origin' value" ,
"name" : "CORS - Bad 'Origin' value"
} ,
"summary" : "The Origin header was changed to an invalid value of http://peachapisecurity.com and the response contained an Access-Control-Allow-Origin header which included this invalid Origin, indicating that the CORS configuration on the server is overly permissive.\n\n\n" ,
"request" : {
"headers" : [
{
"name" : "Host" ,
"value" : "127.0.0.1:7777"
}
] ,
"method" : "GET" ,
"url" : "http://127.0.0.1:7777/api/users" ,
"body" : ""
} ,
"response" : {
"headers" : [
{
"name" : "Server" ,
"value" : "TwistedWeb/20.3.0"
}
] ,
"reason_phrase" : "OK" ,
"status_code" : 200 ,
"body" : "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]"
} ,
"supporting_messages" : [
{
"name" : "Origional" ,
"request" : {
"headers" : [
{
"name" : "Host" ,
"value" : "127.0.0.1:7777"
}
] ,
"method" : "GET" ,
"url" : "http://127.0.0.1:7777/api/users" ,
"body" : ""
}
} ,
{
"name" : "Recorded" ,
"request" : {
"headers" : [
{
"name" : "Host" ,
"value" : "127.0.0.1:7777"
}
] ,
"method" : "GET" ,
"url" : "http://127.0.0.1:7777/api/users" ,
"body" : ""
} ,
"response" : {
"headers" : [
{
"name" : "Server" ,
"value" : "TwistedWeb/20.3.0"
}
] ,
"reason_phrase" : "OK" ,
"status_code" : 200 ,
"body" : "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]"
}
}
]
} ,
"location" : {
"file" : "some/kind/of/file.c" ,
"dependency" : {
"package" : {
"name" : "io.netty/netty"
} ,
"version" : "3.9.1.Final"
}
} ,
"identifiers" : [
{
"type" : "GitLab" ,
"name" : "Bar vulnerability" ,
"value" : "bar"
}
] ,
"links" : [
{
"name" : "CVE-1030" ,
"url" : "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1030"
}
]
} ,
{
"category" : "dependency_scanning" ,
"name" : "Authentication bypass via incorrect DOM traversal and canonicalization" ,
"message" : "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js" ,
"description" : "" ,
"cve" : "yarn/yarn.lock:saml2-js:gemnasium:9952e574-7b5b-46fa-a270-aeb694198a98" ,
"severity" : "Unknown" ,
"solution" : "Upgrade to fixed version.\r\n" ,
"scanner" : {
"id" : "gemnasium" ,
"name" : "Gemnasium"
} ,
"location" : {
"file" : "some/kind/of/file.c" ,
"dependency" : {
"package" : {
"name" : "io.netty/netty"
} ,
"version" : "3.9.1.Final"
}
} ,
"identifiers" : [
{
"type" : "GitLab" ,
"name" : "Foo vulnerability" ,
"value" : "foo"
}
] ,
"links" : [ ]
}
] ,
"remediations" : [
{
"fixes" : [
{
"cve" : "CVE-2137"
}
] ,
"summary" : "this remediates CVE-2137" ,
"diff" : "dG90YWxseSBsZWdpdCBkaWZm"
} ,
{
"fixes" : [
{
"cve" : "CVE-2138"
}
] ,
"summary" : "this remediates CVE-2138" ,
"diff" : "dG90YWxseSBsZWdpdCBkaWZm"
} ,
{
"fixes" : [
{
"cve" : "CVE-2139"
} ,
{
"cve" : "CVE-2140"
}
] ,
"summary" : "this remediates CVE-2139 and CVE-2140" ,
"diff" : "dG90YWxseSBsZWdpdGltYXRlIGRpZmYsIDEwLzEwIHdvdWxkIGFwcGx5"
} ,
{
"fixes" : [
{
"cve" : "CVE-1020"
}
] ,
"summary" : "this fixes CVE-1020" ,
"diff" : "dG90YWxseSBsZWdpdGltYXRlIGRpZmYsIDEwLzEwIHdvdWxkIGFwcGx5"
} ,
{
"fixes" : [
{
"cve" : "CVE" ,
"id" : "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3"
}
] ,
"summary" : "this fixes CVE" ,
"diff" : "dG90YWxseSBsZWdpdGltYXRlIGRpZmYsIDEwLzEwIHdvdWxkIGFwcGx5"
} ,
{
"fixes" : [
{
"cve" : "CVE" ,
"id" : "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3"
}
] ,
"summary" : "this fixed CVE" ,
"diff" : "dG90YWxseSBsZWdpdGltYXRlIGRpZmYsIDEwLzEwIHdvdWxkIGFwcGx5"
} ,
{
"fixes" : [
{
"id" : "2134" ,
"cve" : "CVE-1"
}
] ,
"summary" : "this fixes CVE-1" ,
"diff" : "dG90YWxseSBsZWdpdGltYXRlIGRpZmYsIDEwLzEwIHdvdWxkIGFwcGx5"
}
] ,
"dependency_files" : [ ] ,
"scan" : {
"analyzer" : {
"id" : "common-analyzer" ,
"name" : "Common Analyzer" ,
"url" : "https://site.com/analyzer/common" ,
"version" : "2.0.1" ,
"vendor" : {
"name" : "Common"
}
} ,
"scanner" : {
"id" : "gemnasium" ,
"name" : "Gemnasium top-level" ,
"url" : "https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven" ,
"vendor" : {
"name" : "GitLab"
} ,
"version" : "2.18.0"
} ,
"type" : "dependency_scanning" ,
"start_time" : "2022-08-10T21:37:00" ,
"end_time" : "2022-08-10T21:38:00" ,
"status" : "success"
} ,
"version" : "14.0.2"
}