2018-12-13 13:39:08 +05:30
|
|
|
[
|
|
|
|
{
|
2018-12-23 12:14:25 +05:30
|
|
|
"category": "dependency_scanning",
|
|
|
|
"name": "io.netty/netty - CVE-2014-3488",
|
|
|
|
"message": "DoS by CPU exhaustion when using malicious SSL packets",
|
|
|
|
"cve": "app/pom.xml:io.netty/netty@3.9.1.Final:CVE-2014-3488",
|
|
|
|
"severity": "Unknown",
|
|
|
|
"solution": "Upgrade to the latest version",
|
|
|
|
"scanner": {
|
|
|
|
"id": "gemnasium",
|
|
|
|
"name": "Gemnasium"
|
|
|
|
},
|
|
|
|
"location": {
|
|
|
|
"file": "app/pom.xml",
|
|
|
|
"dependency": {
|
|
|
|
"package": {
|
|
|
|
"name": "io.netty/netty"
|
|
|
|
},
|
|
|
|
"version": "3.9.1.Final"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
"identifiers": [
|
|
|
|
{
|
|
|
|
"type": "gemnasium",
|
|
|
|
"name": "Gemnasium-d1bf36d9-9f07-46cd-9cfc-8675338ada8f",
|
|
|
|
"value": "d1bf36d9-9f07-46cd-9cfc-8675338ada8f",
|
|
|
|
"url": "https://deps.sec.gitlab.com/packages/maven/io.netty/netty/versions/3.9.1.Final/advisories"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "cve",
|
|
|
|
"name": "CVE-2014-3488",
|
|
|
|
"value": "CVE-2014-3488",
|
|
|
|
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3488"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"links": [
|
|
|
|
{
|
|
|
|
"url": "https://bugzilla.redhat.com/CVE-2014-3488"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"url": "http://netty.io/news/2014/06/11/3.html"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"url": "https://github.com/netty/netty/issues/2562"
|
|
|
|
}
|
2018-12-13 13:39:08 +05:30
|
|
|
],
|
2018-12-23 12:14:25 +05:30
|
|
|
"priority": "Unknown",
|
|
|
|
"file": "app/pom.xml",
|
|
|
|
"url": "https://bugzilla.redhat.com/CVE-2014-3488",
|
2018-12-13 13:39:08 +05:30
|
|
|
"tool": "gemnasium"
|
|
|
|
},
|
|
|
|
{
|
2018-12-23 12:14:25 +05:30
|
|
|
"category": "dependency_scanning",
|
|
|
|
"name": "Django - CVE-2017-12794",
|
|
|
|
"message": "Possible XSS in traceback section of technical 500 debug page",
|
|
|
|
"cve": "app/requirements.txt:Django@1.11.3:CVE-2017-12794",
|
|
|
|
"severity": "Unknown",
|
|
|
|
"solution": "Upgrade to latest version or apply patch.",
|
|
|
|
"scanner": {
|
|
|
|
"id": "gemnasium",
|
|
|
|
"name": "Gemnasium"
|
|
|
|
},
|
|
|
|
"location": {
|
|
|
|
"file": "app/requirements.txt",
|
|
|
|
"dependency": {
|
|
|
|
"package": {
|
|
|
|
"name": "Django"
|
|
|
|
},
|
|
|
|
"version": "1.11.3"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
"identifiers": [
|
|
|
|
{
|
|
|
|
"type": "gemnasium",
|
|
|
|
"name": "Gemnasium-6162a015-8635-4a15-8d7c-dc9321db366f",
|
|
|
|
"value": "6162a015-8635-4a15-8d7c-dc9321db366f",
|
|
|
|
"url": "https://deps.sec.gitlab.com/packages/pypi/Django/versions/1.11.3/advisories"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "cve",
|
|
|
|
"name": "CVE-2017-12794",
|
|
|
|
"value": "CVE-2017-12794",
|
|
|
|
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794"
|
|
|
|
}
|
2018-12-13 13:39:08 +05:30
|
|
|
],
|
2018-12-23 12:14:25 +05:30
|
|
|
"links": [
|
|
|
|
{
|
|
|
|
"url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"priority": "Unknown",
|
|
|
|
"file": "app/requirements.txt",
|
|
|
|
"url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/",
|
2018-12-13 13:39:08 +05:30
|
|
|
"tool": "gemnasium"
|
|
|
|
},
|
|
|
|
{
|
2018-12-23 12:14:25 +05:30
|
|
|
"category": "dependency_scanning",
|
|
|
|
"name": "nokogiri - USN-3424-1",
|
|
|
|
"message": "Vulnerabilities in libxml2",
|
|
|
|
"cve": "rails/Gemfile.lock:nokogiri@1.8.0:USN-3424-1",
|
|
|
|
"severity": "Unknown",
|
|
|
|
"solution": "Upgrade to latest version.",
|
|
|
|
"scanner": {
|
|
|
|
"id": "gemnasium",
|
|
|
|
"name": "Gemnasium"
|
|
|
|
},
|
|
|
|
"location": {
|
|
|
|
"file": "rails/Gemfile.lock",
|
|
|
|
"dependency": {
|
|
|
|
"package": {
|
|
|
|
"name": "nokogiri"
|
|
|
|
},
|
|
|
|
"version": "1.8.0"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
"identifiers": [
|
|
|
|
{
|
|
|
|
"type": "gemnasium",
|
|
|
|
"name": "Gemnasium-06565b64-486d-4326-b906-890d9915804d",
|
|
|
|
"value": "06565b64-486d-4326-b906-890d9915804d",
|
|
|
|
"url": "https://deps.sec.gitlab.com/packages/gem/nokogiri/versions/1.8.0/advisories"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "usn",
|
|
|
|
"name": "USN-3424-1",
|
|
|
|
"value": "USN-3424-1",
|
|
|
|
"url": "https://usn.ubuntu.com/3424-1/"
|
|
|
|
}
|
2018-12-13 13:39:08 +05:30
|
|
|
],
|
2018-12-23 12:14:25 +05:30
|
|
|
"links": [
|
|
|
|
{
|
|
|
|
"url": "https://github.com/sparklemotion/nokogiri/issues/1673"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"priority": "Unknown",
|
|
|
|
"file": "rails/Gemfile.lock",
|
|
|
|
"url": "https://github.com/sparklemotion/nokogiri/issues/1673",
|
2018-12-13 13:39:08 +05:30
|
|
|
"tool": "gemnasium"
|
2018-12-23 12:14:25 +05:30
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "dependency_scanning",
|
|
|
|
"name": "ffi - CVE-2018-1000201",
|
|
|
|
"message": "ruby-ffi DDL loading issue on Windows OS",
|
|
|
|
"cve": "ffi:1.9.18:CVE-2018-1000201",
|
|
|
|
"severity": "High",
|
|
|
|
"solution": "upgrade to \u003e= 1.9.24",
|
|
|
|
"scanner": {
|
|
|
|
"id": "bundler_audit",
|
|
|
|
"name": "bundler-audit"
|
|
|
|
},
|
|
|
|
"location": {
|
|
|
|
"file": "sast-sample-rails/Gemfile.lock",
|
|
|
|
"dependency": {
|
|
|
|
"package": {
|
|
|
|
"name": "ffi"
|
|
|
|
},
|
|
|
|
"version": "1.9.18"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
"identifiers": [
|
|
|
|
{
|
|
|
|
"type": "cve",
|
|
|
|
"name": "CVE-2018-1000201",
|
|
|
|
"value": "CVE-2018-1000201",
|
|
|
|
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000201"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"links": [
|
|
|
|
{
|
|
|
|
"url": "https://github.com/ffi/ffi/releases/tag/1.9.24"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"priority": "High",
|
|
|
|
"file": "sast-sample-rails/Gemfile.lock",
|
|
|
|
"url": "https://github.com/ffi/ffi/releases/tag/1.9.24",
|
|
|
|
"tool": "bundler_audit"
|
2018-12-13 13:39:08 +05:30
|
|
|
}
|
|
|
|
]
|