advisory-database issues

[GHSA-q5wm-qgxj-h9ph] Missing permission check in Jenkins Kmap Plugin allow SSRF

1

**Updates** - Affected products **Comments** The Package name is incorrect. It is recommended to change it to "org.jenkins-ci.plugins:kmap-jenkins". Reference source: https://mvnrepository.com/artifact/org.jenkins-ci.plugins/kmap-jenkins You can see the Maven coordinates here

secjoker

[GHSA-fvcf-wgxj-h7ch] CSRF vulnerability in Jenkins Nomad Plugin allow SSRF

1

**Updates** - Affected products **Comments** The Package name is incorrect. It is recommended to change it to "org.jenkins-ci.plugins:kmap-jenkins". Reference source: https://mvnrepository.com/artifact/org.jenkins-ci.plugins/kmap-jenkins You can see the Maven coordinates here

secjoker

lightning RCE is not fixed in 2.2.2

1

GHSA-cgwc-qvrx-rf7f advisory is not solved in version 2.2.2 for lightning, at least version 2.2.5 is vulnerable

anderruiz

[GHSA-qg5r-95m4-mjgj] Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

1

**Updates** - Affected products - References **Comments** Fix was backported to 2.0.49.x line: https://github.com/yiisoft/yii2/pull/20183

rob006

[GHSA-cjcc-p67m-7qxm] Unsafe Reflection in base Component class in yiisoft/yii2

1

**Updates** - Affected products - References **Comments** Fix was backported to 2.0.49.x line: https://github.com/yiisoft/yii2/pull/20183

rob006

[GHSA-3x57-m5p4-rgh4] ZendOpenID potential security issue in login mechanism

1

**Updates** - Affected products **Comments** https://github.com/zendframework/ZendOpenId/commit/16648e1b2acf760d0c67a8c1dd913fed0c0f61f7

flexibrah

[GHSA-3x57-m5p4-rgh4] ZendOpenID potential security issue in login mechanism

1

**Updates** - Affected products **Comments** Update

Ybs187

[GHSA-2p57-rm9w-gvfp] ip SSRF improper categorization in isPublic

1

**Updates** - Affected products **Comments** sugestão de sugerança

murillonr

[GHSA-wr3j-pwj9-hqq6] Path traversal in webpack-dev-middleware

2

**Updates** - Affected products **Comments** sugestão de segurança

murillonr

[GHSA-2p57-rm9w-gvfp] ip SSRF improper categorization in isPublic

1

**Updates** - Affected products **Comments** improvements

Tushar007079

advisory-database
advisory-database copied to clipboard

Metadata

[GHSA-q5wm-qgxj-h9ph] Missing permission check in Jenkins Kmap Plugin allow SSRF

[GHSA-fvcf-wgxj-h7ch] CSRF vulnerability in Jenkins Nomad Plugin allow SSRF

lightning RCE is not fixed in 2.2.2

[GHSA-qg5r-95m4-mjgj] Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

[GHSA-cjcc-p67m-7qxm] Unsafe Reflection in base Component class in yiisoft/yii2

[GHSA-3x57-m5p4-rgh4] ZendOpenID potential security issue in login mechanism

[GHSA-3x57-m5p4-rgh4] ZendOpenID potential security issue in login mechanism

[GHSA-2p57-rm9w-gvfp] ip SSRF improper categorization in isPublic

[GHSA-wr3j-pwj9-hqq6] Path traversal in webpack-dev-middleware

[GHSA-2p57-rm9w-gvfp] ip SSRF improper categorization in isPublic

← Metadata

Owner

Metadata

advisory-database advisory-database copied to clipboard

Metadata

← Metadata

Owner

Metadata

advisory-database
advisory-database copied to clipboard