diff --git a/labs/lab10/imports/import-grype-vuln-results.json b/labs/lab10/imports/import-grype-vuln-results.json
new file mode 100644
index 00000000..0dff828b
--- /dev/null
+++ b/labs/lab10/imports/import-grype-vuln-results.json
@@ -0,0 +1,89 @@
+{
+ "minimum_severity": "Info",
+ "active": false,
+ "verified": false,
+ "endpoint_to_add": null,
+ "product_type_name": "Engineering",
+ "product_name": "Juice Shop",
+ "engagement_name": "Labs Security Testing",
+ "auto_create_context": true,
+ "deduplication_on_engagement": false,
+ "lead": null,
+ "push_to_jira": false,
+ "api_scan_configuration": null,
+ "create_finding_groups_for_all_findings": true,
+ "test_id": 35,
+ "engagement_id": 1,
+ "product_id": 1,
+ "product_type_id": 2,
+ "statistics": {
+ "after": {
+ "info": {
+ "active": 12,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 12
+ },
+ "low": {
+ "active": 1,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 1
+ },
+ "medium": {
+ "active": 24,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 24
+ },
+ "high": {
+ "active": 20,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 20
+ },
+ "critical": {
+ "active": 8,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 8
+ },
+ "total": {
+ "active": 65,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 65
+ }
+ }
+ },
+ "apply_tags_to_findings": false,
+ "apply_tags_to_endpoints": false,
+ "scan_type": "Anchore Grype",
+ "close_old_findings": false,
+ "close_old_findings_product_scope": false,
+ "test": 35
+}
\ No newline at end of file
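Review bot: The `imports/import-*.json` naming of this file (and of import-nuclei-results.json, import-semgrep-results.json and import-trivy-vuln-detailed.json) suggests request payloads, but the content is the import-scan API response body, and the instance-bound identifiers in it (`"test_id": 35`, `"engagement_id": 1`, `"product_id": 1`, `"test": 35`) will differ on every fresh DefectDojo instance and churn on each lab run. Consider naming them as sample output (or adding a one-line README note) and, if they are kept as reference artifacts, piping the response through `jq .` before saving so they are indented and end with a newline — all four currently end with `\ No newline at end of file`. The `"pro"` array in the Semgrep response is vendor messaging rather than lab data and can be dropped from the committed sample.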
diff --git a/labs/lab10/imports/import-nuclei-results.json b/labs/lab10/imports/import-nuclei-results.json
new file mode 100644
index 00000000..e09a62be
--- /dev/null
+++ b/labs/lab10/imports/import-nuclei-results.json
@@ -0,0 +1,89 @@
+{
+ "minimum_severity": "Info",
+ "active": false,
+ "verified": false,
+ "endpoint_to_add": null,
+ "product_type_name": "Engineering",
+ "product_name": "Juice Shop",
+ "engagement_name": "Labs Security Testing",
+ "auto_create_context": true,
+ "deduplication_on_engagement": false,
+ "lead": null,
+ "push_to_jira": false,
+ "api_scan_configuration": null,
+ "create_finding_groups_for_all_findings": true,
+ "test_id": 34,
+ "engagement_id": 1,
+ "product_id": 1,
+ "product_type_id": 2,
+ "statistics": {
+ "after": {
+ "info": {
+ "active": 17,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 17
+ },
+ "low": {
+ "active": 1,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 1
+ },
+ "medium": {
+ "active": 0,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 0
+ },
+ "high": {
+ "active": 0,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 0
+ },
+ "critical": {
+ "active": 0,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 0
+ },
+ "total": {
+ "active": 18,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 18
+ }
+ }
+ },
+ "apply_tags_to_findings": false,
+ "apply_tags_to_endpoints": false,
+ "scan_type": "Nuclei Scan",
+ "close_old_findings": false,
+ "close_old_findings_product_scope": false,
+ "test": 34
+}
\ No newline at end of file
diff --git a/labs/lab10/imports/import-semgrep-results.json b/labs/lab10/imports/import-semgrep-results.json
new file mode 100644
index 00000000..ba0a55f9
--- /dev/null
+++ b/labs/lab10/imports/import-semgrep-results.json
@@ -0,0 +1,92 @@
+{
+ "minimum_severity": "Info",
+ "active": false,
+ "verified": false,
+ "endpoint_to_add": null,
+ "product_type_name": "Engineering",
+ "product_name": "Juice Shop",
+ "engagement_name": "Labs Security Testing",
+ "auto_create_context": true,
+ "deduplication_on_engagement": false,
+ "lead": null,
+ "push_to_jira": false,
+ "api_scan_configuration": null,
+ "create_finding_groups_for_all_findings": true,
+ "test_id": 32,
+ "engagement_id": 1,
+ "product_id": 1,
+ "product_type_id": 2,
+ "statistics": {
+ "after": {
+ "info": {
+ "active": 0,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 0
+ },
+ "low": {
+ "active": 0,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 0
+ },
+ "medium": {
+ "active": 18,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 18
+ },
+ "high": {
+ "active": 7,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 7
+ },
+ "critical": {
+ "active": 0,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 0
+ },
+ "total": {
+ "active": 25,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 25
+ }
+ }
+ },
+ "pro": [
+ "Did you know, Pro has an automated no-code connector for Semgrep JSON Report? Try today for free or email us at hello@defectdojo.com"
+ ],
+ "apply_tags_to_findings": false,
+ "apply_tags_to_endpoints": false,
+ "scan_type": "Semgrep JSON Report",
+ "close_old_findings": false,
+ "close_old_findings_product_scope": false,
+ "test": 32
+}
\ No newline at end of file
diff --git a/labs/lab10/imports/import-trivy-vuln-detailed.json b/labs/lab10/imports/import-trivy-vuln-detailed.json
new file mode 100644
index 00000000..9fc3d640
--- /dev/null
+++ b/labs/lab10/imports/import-trivy-vuln-detailed.json
@@ -0,0 +1,89 @@
+{
+ "minimum_severity": "Info",
+ "active": false,
+ "verified": false,
+ "endpoint_to_add": null,
+ "product_type_name": "Engineering",
+ "product_name": "Juice Shop",
+ "engagement_name": "Labs Security Testing",
+ "auto_create_context": true,
+ "deduplication_on_engagement": false,
+ "lead": null,
+ "push_to_jira": false,
+ "api_scan_configuration": null,
+ "create_finding_groups_for_all_findings": true,
+ "test_id": 33,
+ "engagement_id": 1,
+ "product_id": 1,
+ "product_type_id": 2,
+ "statistics": {
+ "after": {
+ "info": {
+ "active": 0,
+ "verified": 0,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 0
+ },
+ "low": {
+ "active": 3,
+ "verified": 3,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 3
+ },
+ "medium": {
+ "active": 34,
+ "verified": 32,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 34
+ },
+ "high": {
+ "active": 28,
+ "verified": 26,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 28
+ },
+ "critical": {
+ "active": 9,
+ "verified": 9,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 9
+ },
+ "total": {
+ "active": 74,
+ "verified": 70,
+ "duplicate": 0,
+ "false_p": 0,
+ "out_of_scope": 0,
+ "is_mitigated": 0,
+ "risk_accepted": 0,
+ "total": 74
+ }
+ }
+ },
+ "apply_tags_to_findings": false,
+ "apply_tags_to_endpoints": false,
+ "scan_type": "Trivy Scan",
+ "close_old_findings": false,
+ "close_old_findings_product_scope": false,
+ "test": 33
+}
\ No newline at end of file
diff --git a/labs/lab10/imports/import-zap-report-noauth.json b/labs/lab10/imports/import-zap-report-noauth.json
new file mode 100644
index 00000000..6cc47944
--- /dev/null
+++ b/labs/lab10/imports/import-zap-report-noauth.json
@@ -0,0 +1,6 @@
+{
+ "message": "Internal server error, check logs for details",
+ "pro": [
+ "Pro comes with support. Try today for free or email us at hello@defectdojo.com"
+ ]
+}
\ No newline at end of file
diff --git a/labs/lab10/imports/run-imports.sh b/labs/lab10/imports/run-imports.sh
index 0f0e33c9..e34f10e8 100644
--- a/labs/lab10/imports/run-imports.sh
+++ b/labs/lab10/imports/run-imports.sh
@@ -115,7 +115,7 @@ import_scan() {
 }
 
 # Candidate paths per tool
-zap_file="labs/lab5/zap/zap-report-noauth.json"
+zap_file="labs/lab5/zap/zap-report-noauth.xml"
 semgrep_file="labs/lab5/semgrep/semgrep-results.json"
 trivy_file="labs/lab4/trivy/trivy-vuln-detailed.json"
 nuclei_file="labs/lab5/nuclei/nuclei-results.json"
diff --git a/labs/lab10/report/dojo-report.html b/labs/lab10/report/dojo-report.html
new file mode 100644
index 00000000..da51ba2a
--- /dev/null
+++ b/labs/lab10/report/dojo-report.html
@@ -0,0 +1,30175 @@
+ + + + + + Finding Report + + + + + + + + + + + +
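Review bot: The body saved in import-zap-report-noauth.json is a failed-request response (`"message": "Internal server error, check logs for details"`), not an import result, so committing it next to the successful imports misleads anyone using the lab as a reference. The run-imports.sh hunk on the same line changes `zap_file` from the JSON report to `labs/lab5/zap/zap-report-noauth.xml`, which is presumably the fix for that failure — DefectDojo's "ZAP Scan" type parses the XML report — so this artifact should be regenerated after that change (or dropped), and the lab5 ZAP step must actually emit a `.xml` file at that path or the import fails again. The import_scan function that writes these responses lies outside the hunk; if it uses curl, adding `--fail` (or checking the HTTP status before writing) would keep an error body from being saved as a result and make the failed step visible in the lab run.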
+ + + +
+
+ +

Findings

+ + + +

Critical

+ +
+
+
+
+ Finding 1183: CVE-2023-32314 Vm2 3.9.17 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Critical + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 74 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
vm23.9.17
+ + + + + + + +
File Path
juice-shop/node_modules/vm2/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+ + +
Description
+

vm2: Sandbox Escape
+Target: Node.js
+Type: node-pkg
+Fixed version: 3.9.18

+

vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of Proxy. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.18 of vm2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

+ + +
Mitigation
+

3.9.18

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2023-32314
+https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac
+https://github.com/patriksimek/vm2
+https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf
+https://github.com/patriksimek/vm2/releases/tag/3.9.18
+https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5
+https://nvd.nist.gov/vuln/detail/CVE-2023-32314
+https://www.cve.org/CVERecord?id=CVE-2023-32314

+ + + + + + + +
+
+
+
+ Finding 1272: GHSA-5mrr-rgp6-x4gr in marsdb:0.6.11 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Critical + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
marsdb0.6.11
+ + + + + + + +
File Path
/juice-shop/node_modules/marsdb/package.json
+
+
+
+ + + + + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Command Injection in marsdb
+Matcher: javascript-matcher
+Package URL: pkg:npm/marsdb@0.6.11

+ + + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-5mrr-rgp6-x4gr

+ + + + + + + +
+
+
+
+ Finding 1184: CVE-2023-37466 Vm2 3.9.17 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Critical + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 94 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
vm23.9.17
+ + + + + + + +
File Path
juice-shop/node_modules/vm2/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+ + +
Description
+

vm2: Promise handler sanitization can be bypassed allowing attackers to escape the sandbox and run arbitrary code
+Target: Node.js
+Type: node-pkg
+Fixed version:

+

vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed with the @@species accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox.

+ + + + + + +
Impact
+

affected

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2023-37466
+https://gist.github.com/leesh3288/f693061e6523c97274ad5298eb2c74e9
+https://github.com/patriksimek/vm2
+https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5
+https://nvd.nist.gov/vuln/detail/CVE-2023-37466
+https://security.netapp.com/advisory/ntap-20230831-0007
+https://www.cve.org/CVERecord?id=CVE-2023-37466

+ + + + + + + +
+
+
+
+ Finding 1185: CVE-2023-37903 Vm2 3.9.17 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Critical + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 78 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
vm23.9.17
+ + + + + + + +
File Path
juice-shop/node_modules/vm2/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+ + +
Description
+

vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code
+Target: Node.js
+Type: node-pkg
+Fixed version:

+

vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. There are no patches and no known workarounds. Users are advised to find an alternative software.

+ + + + + + +
Impact
+

affected

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2023-37903
+https://github.com/patriksimek/vm2
+https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4
+https://nvd.nist.gov/vuln/detail/CVE-2023-37903
+https://security.netapp.com/advisory/ntap-20230831-0007
+https://security.netapp.com/advisory/ntap-20230831-0007/
+https://www.cve.org/CVERecord?id=CVE-2023-37903

+ + + + + + + +
+
+
+
+ Finding 1220: GHSA-xwcq-pm8m-c4vf in crypto-js:3.3.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Critical + + + + 0.96% + / + 75.74% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
crypto-js3.3.0
+ + + + + + + +
File Path
/juice-shop/node_modules/crypto-js/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
+Related Vulnerability Description: crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.
+Matcher: javascript-matcher
+Package URL: pkg:npm/crypto-js@3.3.0

+ + +
Mitigation
+

Upgrade to version: 4.2.0

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-xwcq-pm8m-c4vf
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2023-46233
+Related Vulnerability URLs:
+- https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a
+- https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf
+- https://lists.debian.org/debian-lts-announce/2023/11/msg00025.html
+- https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a
+- https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf
+- https://lists.debian.org/debian-lts-announce/2023/11/msg00025.html

+ + + + + + + +
+
+
+
+ Finding 1153: CVE-2019-10744 Lodash 2.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Critical + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 1321 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
lodash2.4.2
+ + + + + + + +
File Path
juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

+ + +
Description
+

nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
+Target: Node.js
+Type: node-pkg
+Fixed version: 4.17.12

+

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

+ + +
Mitigation
+

4.17.12

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/errata/RHSA-2019:3024
+https://access.redhat.com/security/cve/CVE-2019-10744
+https://github.com/advisories/GHSA-jf85-cpcp-j695
+https://github.com/lodash/lodash/pull/4336
+https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2019-10744.yml
+https://nvd.nist.gov/vuln/detail/CVE-2019-10744
+https://security.netapp.com/advisory/ntap-20191004-0005
+https://security.netapp.com/advisory/ntap-20191004-0005/
+https://snyk.io/vuln/SNYK-JS-LODASH-450202
+https://support.f5.com/csp/article/K47105354
+https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp%3Butm_medium=RSS
+https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS
+https://www.cve.org/CVERecord?id=CVE-2019-10744
+https://www.npmjs.com/advisories/1065
+https://www.oracle.com/security-alerts/cpujan2021.html
+https://www.oracle.com/security-alerts/cpuoct2020.html

+ + + + + + + +
+
+
+
+ Finding 1210: GHSA-whpj-8f3w-67p5 in vm2:3.9.17 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Critical + + + + 69.49% + / + 98.61% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
vm23.9.17
+ + + + + + + +
File Path
/juice-shop/node_modules/vm2/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: vm2 Sandbox Escape vulnerability
+Related Vulnerability Description: vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of Proxy. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.18 of vm2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
+Matcher: javascript-matcher
+Package URL: pkg:npm/vm2@3.9.17

+ + +
Mitigation
+

Upgrade to version: 3.9.18

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-whpj-8f3w-67p5
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2023-32314
+Related Vulnerability URLs:
+- https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac
+- https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf
+- https://github.com/patriksimek/vm2/releases/tag/3.9.18
+- https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5
+- https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac
+- https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf
+- https://github.com/patriksimek/vm2/releases/tag/3.9.18
+- https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5

+ + + + + + + +
+
+
+
+ Finding 1211: GHSA-c7hr-j4mj-j2w6 in jsonwebtoken:0.1.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Critical + + + + 41.15% + / + 97.31% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jsonwebtoken0.1.0
+ + + + + + + +
File Path
/juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Verification Bypass in jsonwebtoken
+Related Vulnerability Description: In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS family).
+
Matcher: javascript-matcher
+
Package URL:* pkg:npm/jsonwebtoken@0.1.0

+ + +
Mitigation
+

Upgrade to version: 4.2.2

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-c7hr-j4mj-j2w6
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2015-9235
+Related Vulnerability URLs:
+- https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
+- https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687
+- https://nodesecurity.io/advisories/17
+- https://www.timmclean.net/2015/02/25/jwt-alg-none.html
+- https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
+- https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687
+- https://nodesecurity.io/advisories/17
+- https://www.timmclean.net/2015/02/25/jwt-alg-none.html

+ + + + + + + +
+
+
+
+ Finding 1212: GHSA-c7hr-j4mj-j2w6 in jsonwebtoken:0.4.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Critical + + + + 41.15% + / + 97.31% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jsonwebtoken0.4.0
+ + + + + + + +
File Path
/juice-shop/node_modules/jsonwebtoken/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Verification Bypass in jsonwebtoken
+Related Vulnerability Description: In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS family).
+
Matcher: javascript-matcher
+
Package URL:* pkg:npm/jsonwebtoken@0.4.0

+ + +
Mitigation
+

Upgrade to version: 4.2.2

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-c7hr-j4mj-j2w6
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2015-9235
+Related Vulnerability URLs:
+- https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
+- https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687
+- https://nodesecurity.io/advisories/17
+- https://www.timmclean.net/2015/02/25/jwt-alg-none.html
+- https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
+- https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687
+- https://nodesecurity.io/advisories/17
+- https://www.timmclean.net/2015/02/25/jwt-alg-none.html

+ + + + + + + +
+
+
+
+ Finding 1213: GHSA-g644-9gfx-q4q4 in vm2:3.9.17 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Critical + + + + 35.57% + / + 96.96% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
vm23.9.17
+ + + + + + + +
File Path
/juice-shop/node_modules/vm2/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: vm2 Sandbox Escape vulnerability
+Related Vulnerability Description: vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. There are no patches and no known workarounds. Users are advised to find an alternative software.
+Matcher: javascript-matcher
+Package URL: pkg:npm/vm2@3.9.17

+ + + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-g644-9gfx-q4q4
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2023-37903
+Related Vulnerability URLs:
+- https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4
+- https://security.netapp.com/advisory/ntap-20230831-0007/
+- https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4
+- https://security.netapp.com/advisory/ntap-20230831-0007/

+ + + + + + + +
+
+
+
+ Finding 1214: GHSA-cchq-frgv-rjh5 in vm2:3.9.17 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Critical + + + + 4.73% + / + 88.97% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
vm23.9.17
+ + + + + + + +
File Path
/juice-shop/node_modules/vm2/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: vm2 Sandbox Escape vulnerability
+Related Vulnerability Description: vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed with the @@species accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox.
+Matcher: javascript-matcher
+Package URL: pkg:npm/vm2@3.9.17

+ + + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-cchq-frgv-rjh5
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2023-37466
+Related Vulnerability URLs:
+- https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5
+- https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5

+ + + + + + + +
+
+
+
+ Finding 1215: GHSA-jf85-cpcp-j695 in lodash:2.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Critical + + + + 3.41% + / + 86.97% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
lodash2.4.2
+ + + + + + + +
File Path
/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Prototype Pollution in lodash
+Related Vulnerability Description: Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
+Matcher: javascript-matcher
+Package URL: pkg:npm/lodash@2.4.2

+ + +
Mitigation
+

Upgrade to version: 4.17.12

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-jf85-cpcp-j695
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2019-10744
+Related Vulnerability URLs:
+- https://access.redhat.com/errata/RHSA-2019:3024
+- https://security.netapp.com/advisory/ntap-20191004-0005/
+- https://snyk.io/vuln/SNYK-JS-LODASH-450202
+- https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp%3Butm_medium=RSS
+- https://www.oracle.com/security-alerts/cpujan2021.html
+- https://www.oracle.com/security-alerts/cpuoct2020.html
+- https://access.redhat.com/errata/RHSA-2019:3024
+- https://security.netapp.com/advisory/ntap-20191004-0005/
+- https://snyk.io/vuln/SNYK-JS-LODASH-450202
+- https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp%3Butm_medium=RSS
+- https://www.oracle.com/security-alerts/cpujan2021.html
+- https://www.oracle.com/security-alerts/cpuoct2020.html

+ + + + + + + +
+
+
+
+ Finding 1136: CVE-2023-46233 Crypto-Js 3.3.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Critical + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 328 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
crypto-js3.3.0
+ + + + + + + +
File Path
juice-shop/node_modules/crypto-js/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

+ + +
Description
+

crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
+Target: Node.js
+Type: node-pkg
+Fixed version: 4.2.0

+

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.

+ + +
Mitigation
+

4.2.0

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2023-46233
+https://github.com/brix/crypto-js
+https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a
+https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf
+https://lists.debian.org/debian-lts-announce/2023/11/msg00025.html
+https://nvd.nist.gov/vuln/detail/CVE-2023-46233
+https://ubuntu.com/security/notices/USN-6753-1
+https://www.cve.org/CVERecord?id=CVE-2023-46233

+ + + + + + + +
+
+
+
+ Finding 1160: GHSA-5mrr-rgp6-x4gr Marsdb 0.6.11 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Critical + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
marsdb0.6.11
+ + + + + + + +
File Path
juice-shop/node_modules/marsdb/package.json
+
+
+
+ + + + + +
Description
+

Command Injection in marsdb
+Target: Node.js
+Type: node-pkg
+Fixed version:

+

All versions of marsdb are vulnerable to Command Injection. In the DocumentMatcher class, selectors on $where clauses are passed to a Function constructor unsanitized. This allows attackers to run arbitrary commands in the system when the function is executed.

+

Recommendation

+

No fix is currently available. Consider using an alternative package until a fix is made available.

+ + + + + + +
Impact
+

affected

+ + + + + + + +
References
+

https://github.com/bkimminich/juice-shop/issues/1173
+https://www.npmjs.com/advisories/1122

+ + + + + + + +
+
+
+
+ Finding 1123: CVE-2019-1010022 Libc6 2.36-9+deb12u10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Critical + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 119 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libc62.36-9+deb12u10
+ + + + + + + +
File Path
bkimminich/juice-shop:v19.0.0 (debian 12.11)
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+ + +
Description
+

glibc: stack guard protection bypass
+Target: bkimminich/juice-shop:v19.0.0 (debian 12.11)
+Type: debian
+Fixed version:

+

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

+ + + + + + +
Impact
+

affected

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2019-1010022
+https://nvd.nist.gov/vuln/detail/CVE-2019-1010022
+https://security-tracker.debian.org/tracker/CVE-2019-1010022
+https://sourceware.org/bugzilla/show_bug.cgi?id=22850
+https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3
+https://ubuntu.com/security/CVE-2019-1010022
+https://www.cve.org/CVERecord?id=CVE-2019-1010022

+ + + + + + + +
+
+
+
+ Finding 1147: CVE-2015-9235 Jsonwebtoken 0.4.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Critical + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 20 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jsonwebtoken0.4.0
+ + + + + + + +
File Path
juice-shop/node_modules/jsonwebtoken/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+ + +
Description
+

nodejs-jsonwebtoken: verification step bypass with an altered token
+Target: Node.js
+Type: node-pkg
+Fixed version: 4.2.2

+

In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).

+ + +
Mitigation
+

4.2.2

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2015-9235
+https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries
+https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
+https://github.com/advisories/GHSA-c7hr-j4mj-j2w6
+https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687
+https://nodesecurity.io/advisories/17
+https://nvd.nist.gov/vuln/detail/CVE-2015-9235
+https://www.cve.org/CVERecord?id=CVE-2015-9235
+https://www.npmjs.com/advisories/17
+https://www.timmclean.net/2015/02/25/jwt-alg-none.html

+ + + + + + + +
+
+
+
+ Finding 1142: CVE-2015-9235 Jsonwebtoken 0.1.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Critical + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 20 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jsonwebtoken0.1.0
+ + + + + + + +
File Path
juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+ + +
Description
+

nodejs-jsonwebtoken: verification step bypass with an altered token
+Target: Node.js
+Type: node-pkg
+Fixed version: 4.2.2

+

In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).

+ + +
Mitigation
+

4.2.2

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2015-9235
+https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries
+https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
+https://github.com/advisories/GHSA-c7hr-j4mj-j2w6
+https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687
+https://nodesecurity.io/advisories/17
+https://nvd.nist.gov/vuln/detail/CVE-2015-9235
+https://www.cve.org/CVERecord?id=CVE-2015-9235
+https://www.npmjs.com/advisories/17
+https://www.timmclean.net/2015/02/25/jwt-alg-none.html

+ + + + + + + +

High

+ +
+
+
+
+ Finding 1144: NSWG-ECO-17 Jsonwebtoken 0.1.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jsonwebtoken0.1.0
+ + + + + + + +
File Path
juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json
+
+
+
+ + + + + +
Description
+

Verification Bypass
+Target: Node.js
+Type: node-pkg
+Fixed version: >=4.2.2

+

It is possible for an attacker to bypass verification when "a token digitally signed with an asymetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family)" [1]

+ + +
Mitigation
+
+

=4.2.2

+
+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
+https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687
+https://www.timmclean.net/2015/02/25/jwt-alg-none.html

+ + + + + + + +
+
+
+
+ Finding 1187: CVE-2024-37890 Ws 7.4.6 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 476 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
ws7.4.6
+ + + + + + + +
File Path
juice-shop/node_modules/engine.io/node_modules/ws/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

nodejs-ws: denial of service when handling a request with many HTTP headers
+Target: Node.js
+Type: node-pkg
+Fixed version: 5.2.4, 6.2.3, 7.5.10, 8.17.1

+

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied.

+ + +
Mitigation
+

5.2.4, 6.2.3, 7.5.10, 8.17.1

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2024-37890
+https://github.com/websockets/ws
+https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f
+https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e
+https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c
+https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63
+https://github.com/websockets/ws/issues/2230
+https://github.com/websockets/ws/pull/2231
+https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q
+https://nodejs.org/api/http.html#servermaxheaderscount
+https://nvd.nist.gov/vuln/detail/CVE-2024-37890
+https://www.cve.org/CVERecord?id=CVE-2024-37890

+ + + + + + + +
+
+
+
+ Finding 1188: Secret Detected in /juice-shop/build/lib/insecurity.js - Asymmetric Private Key + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
47
+ + + + + + + +
File Path
/juice-shop/build/lib/insecurity.js
+
+
+
+ + + + + +
Description
+

Asymmetric Private Key
+Category: AsymmetricPrivateKey
+Match: ----BEGIN RSA PRIVATE KEY-----**********************************************************************************************************************-----END RSA PRIVATE

+ + + + + + + + + + + + + + + + + + +
+
+
+
+ Finding 1122: CVE-2018-20796 Libc6 2.36-9+deb12u10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 674 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libc62.36-9+deb12u10
+ + + + + + + +
File Path
bkimminich/juice-shop:v19.0.0 (debian 12.11)
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
+Target: bkimminich/juice-shop:v19.0.0 (debian 12.11)
+Type: debian
+Fixed version:

+

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\1\1|t1|\\2537)+' in grep.

+ + + + + + +
Impact
+

affected

+ + + + + + + +
References
+

http://www.securityfocus.com/bid/107160
+https://access.redhat.com/security/cve/CVE-2018-20796
+https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141
+https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html
+https://nvd.nist.gov/vuln/detail/CVE-2018-20796
+https://security.netapp.com/advisory/ntap-20190315-0002/
+https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS
+https://www.cve.org/CVERecord?id=CVE-2018-20796

+ + + + + + + +
+
+
+
+ Finding 1191: Secret Detected in /juice-shop/lib/insecurity.ts - Asymmetric Private Key + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
23
+ + + + + + + +
File Path
/juice-shop/lib/insecurity.ts
+
+
+
+ + + + + +
Description
+

Asymmetric Private Key
+Category: AsymmetricPrivateKey
+Match: ----BEGIN RSA PRIVATE KEY-----**********************************************************************************************************************-----END RSA PRIVATE

+ + + + + + + + + + + + + + + + + + +
+
+
+
+ Finding 1251: GHSA-44fp-w29j-9vj5 in multer:1.4.5-lts.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 0.04% + / + 10.32% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
multer1.4.5-lts.2
+ + + + + + + +
File Path
/juice-shop/node_modules/multer/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Multer vulnerable to Denial of Service via memory leaks from unclosed streams
+Related Vulnerability Description: Multer is a node.js middleware for handling multipart/form-data. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal busboy stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available.
+Matcher: javascript-matcher
+Package URL: pkg:npm/multer@1.4.5-lts.2

+ + +
Mitigation
+

Upgrade to version: 2.0.0

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-44fp-w29j-9vj5
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2025-47935
+Related Vulnerability URLs:
+- https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665
+- https://github.com/expressjs/multer/pull/1120
+- https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5

+ + + + + + + +
+
+
+
+ Finding 1249: GHSA-vj76-c3g6-qr5v in tar-fs:2.1.3 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 0.05% + / + 15.42% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
tar-fs2.1.3
+ + + + + + + +
File Path
/juice-shop/node_modules/tar-fs/package.json
+
+
+
+ + + + + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
+Related Vulnerability Description: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories.
+Matcher: javascript-matcher
+Package URL: pkg:npm/tar-fs@2.1.3

+ + +
Mitigation
+

Upgrade to version: 2.1.4

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-vj76-c3g6-qr5v
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2025-59343
+Related Vulnerability URLs:
+- https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09
+- https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v

+ + + + + + + +
+
+
+
+ Finding 1248: GHSA-cgfm-xwp7-2cvr in sanitize-html:1.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 0.06% + / + 17.69% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
sanitize-html1.4.2
+ + + + + + + +
File Path
/juice-shop/node_modules/sanitize-html/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Sanitize-html Vulnerable To REDoS Attacks
+Related Vulnerability Description: The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.
+Matcher: javascript-matcher
+Package URL: pkg:npm/sanitize-html@1.4.2

+ + +
Mitigation
+

Upgrade to version: 2.7.1

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-cgfm-xwp7-2cvr
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2022-25887
+Related Vulnerability URLs:
+- https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c
+- https://github.com/apostrophecms/sanitize-html/pull/557
+- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3008102
+- https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526
+- https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c
+- https://github.com/apostrophecms/sanitize-html/pull/557
+- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3008102
+- https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526

+ + + + + + + +
+
+
+
+ Finding 1247: GHSA-8cf7-32gw-wr33 in jsonwebtoken:0.4.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 0.06% + / + 18.52% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jsonwebtoken0.4.0
+ + + + + + + +
File Path
/juice-shop/node_modules/jsonwebtoken/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: jsonwebtoken unrestricted key type could lead to legacy keys usage
+Related Vulnerability Description: Versions <=8.5.1 of jsonwebtoken library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the allowInvalidAsymmetricKeyTypes option to true in the sign() and/or verify() functions.
+Matcher: javascript-matcher
+Package URL: pkg:npm/jsonwebtoken@0.4.0

+ + +
Mitigation
+

Upgrade to version: 9.0.0

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-8cf7-32gw-wr33
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2022-23539
+Related Vulnerability URLs:
+- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
+- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33
+- https://security.netapp.com/advisory/ntap-20240621-0007/
+- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
+- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33
+- https://security.netapp.com/advisory/ntap-20240621-0007/

+ + + + + + + +
+
+
+
+ Finding 1246: GHSA-8cf7-32gw-wr33 in jsonwebtoken:0.1.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 0.06% + / + 18.52% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jsonwebtoken0.1.0
+ + + + + + + +
File Path
/juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: jsonwebtoken unrestricted key type could lead to legacy keys usage
+Related Vulnerability Description: Versions <=8.5.1 of jsonwebtoken library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the allowInvalidAsymmetricKeyTypes option to true in the sign() and/or verify() functions.
+Matcher: javascript-matcher
+Package URL: pkg:npm/jsonwebtoken@0.1.0

+ + +
Mitigation
+

Upgrade to version: 9.0.0

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-8cf7-32gw-wr33
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2022-23539
+Related Vulnerability URLs:
+- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
+- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33
+- https://security.netapp.com/advisory/ntap-20240621-0007/
+- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
+- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33
+- https://security.netapp.com/advisory/ntap-20240621-0007/

+ + + + + + + +
+
+
+
+ Finding 1245: GHSA-g5hg-p3ph-g8qg in multer:1.4.5-lts.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 0.06% + / + 20.09% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
multer1.4.5-lts.2
+ + + + + + + +
File Path
/juice-shop/node_modules/multer/package.json
+
+
+
+ + + + + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Multer vulnerable to Denial of Service via unhandled exception
+Related Vulnerability Description: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to 2.0.1 to receive a patch. No known workarounds are available.
+Matcher: javascript-matcher
+Package URL: pkg:npm/multer@1.4.5-lts.2

+ + +
Mitigation
+

Upgrade to version: 2.0.1

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-g5hg-p3ph-g8qg
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2025-48997
+Related Vulnerability URLs:
+- https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9
+- https://github.com/expressjs/multer/issues/1233
+- https://github.com/expressjs/multer/pull/1256
+- https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg

+ + + + + + + +
+
+
+
+ Finding 1273: GHSA-gjcw-v447-2w7q in jws:0.2.6 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jws0.2.6
+ + + + + + + +
File Path
/juice-shop/node_modules/jws/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Forgeable Public/Private Tokens in jws
+Matcher: javascript-matcher
+Package URL: pkg:npm/jws@0.2.6

+ + +
Mitigation
+

Upgrade to version: 3.0.0

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-gjcw-v447-2w7q
+Related Vulnerability Datasource: nvd

+ + + + + + + +
+
+
+
+ Finding 1242: GHSA-6g6m-m6h5-w9gf in express-jwt:0.1.3 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 0.10% + / + 27.52% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
express-jwt0.1.3
+ + + + + + + +
File Path
/juice-shop/node_modules/express-jwt/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Authorization bypass in express-jwt
+Related Vulnerability Description: In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have algorithms configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as the secret. You can fix this by specifying algorithms in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0.
+Matcher: javascript-matcher
+Package URL: pkg:npm/express-jwt@0.1.3

+ + +
Mitigation
+

Upgrade to version: 6.0.0

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-6g6m-m6h5-w9gf
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2020-15084
+Related Vulnerability URLs:
+- https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef
+- https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf
+- https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef
+- https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf

+ + + + + + + +
+
+
+
+ Finding 1236: GHSA-rc47-6667-2j5j in http-cache-semantics:3.8.1 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 0.16% + / + 37.41% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
http-cache-semantics3.8.1
+ + + + + + + +
File Path
/juice-shop/node_modules/http-cache-semantics/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: http-cache-semantics vulnerable to Regular Expression Denial of Service
+Related Vulnerability Description: This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
+Matcher: javascript-matcher
+Package URL: pkg:npm/http-cache-semantics@3.8.1

+ + +
Mitigation
+

Upgrade to version: 4.1.1

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-rc47-6667-2j5j
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2022-25881
+Related Vulnerability URLs:
+- https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83
+- https://security.netapp.com/advisory/ntap-20230622-0008/
+- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332
+- https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783
+- https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83
+- https://security.netapp.com/advisory/ntap-20230622-0008/
+- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332
+- https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783

+ + + + + + + +
+
+
+
+ Finding 1231: GHSA-grv7-fg5c-xmjg in braces:2.3.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 0.22% + / + 45.19% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
braces2.3.2
+ + + + + + + +
File Path
/juice-shop/node_modules/braces/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Uncontrolled resource consumption in braces
+Related Vulnerability Description: The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.
+Matcher: javascript-matcher
+Package URL: pkg:npm/braces@2.3.2

+ + +
Mitigation
+

Upgrade to version: 3.0.3

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-grv7-fg5c-xmjg
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2024-4068
+Related Vulnerability URLs:
+- https://devhub.checkmarx.com/cve-details/CVE-2024-4068/
+- https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff
+- https://github.com/micromatch/braces/issues/35
+- https://github.com/micromatch/braces/pull/37
+- https://github.com/micromatch/braces/pull/40
+- https://devhub.checkmarx.com/cve-details/CVE-2024-4068/
+- https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff
+- https://github.com/micromatch/braces/issues/35
+- https://github.com/micromatch/braces/pull/37
+- https://github.com/micromatch/braces/pull/40

+ + + + + + + +
+
+
+
+ Finding 1093: javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 89 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
5
+ + + + + + + +
File Path
/src/data/static/codefixes/dbSchemaChallenge_1.ts
+
+
+
+ + + + + +
Description
+

Result message: Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements.

+ + + + + + + + + + + + +
References
+

https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements

+ + + + + + + +
+
+
+
+ Finding 1228: GHSA-446m-mv8f-q348 in moment:2.0.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 0.32% + / + 54.73% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
moment2.0.0
+ + + + + + + +
File Path
/juice-shop/node_modules/express-jwt/node_modules/moment/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Regular Expression Denial of Service in moment
+Related Vulnerability Description: The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
+Matcher: javascript-matcher
+Package URL: pkg:npm/moment@2.0.0

+ + +
Mitigation
+

Upgrade to version: 2.19.3

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-446m-mv8f-q348
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2017-18214
+Related Vulnerability URLs:
+- https://github.com/moment/moment/issues/4163
+- https://nodesecurity.io/advisories/532
+- https://www.tenable.com/security/tns-2019-02
+- https://github.com/moment/moment/issues/4163
+- https://nodesecurity.io/advisories/532
+- https://www.tenable.com/security/tns-2019-02

+ + + + + + + +
+
+
+
+ Finding 1227: GHSA-4xc9-xhrj-v574 in lodash:2.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 0.41% + / + 60.53% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
lodash2.4.2
+ + + + + + + +
File Path
/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Prototype Pollution in lodash
+Related Vulnerability Description: A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
+Matcher: javascript-matcher
+Package URL: pkg:npm/lodash@2.4.2

+ + +
Mitigation
+

Upgrade to version: 4.17.11

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-4xc9-xhrj-v574
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2018-16487
+Related Vulnerability URLs:
+- https://hackerone.com/reports/380873
+- https://security.netapp.com/advisory/ntap-20190919-0004/
+- https://hackerone.com/reports/380873
+- https://security.netapp.com/advisory/ntap-20190919-0004/

+ + + + + + + +
+
+
+
+ Finding 1225: GHSA-3h5v-q93c-6h6q in ws:7.4.6 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 0.54% + / + 66.73% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
ws7.4.6
+ + + + + + + +
File Path
/juice-shop/node_modules/engine.io/node_modules/ws/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: ws affected by a DoS when handling a request with many HTTP headers
+Related Vulnerability Description: ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied.
+Matcher: javascript-matcher
+Package URL: pkg:npm/ws@7.4.6

+ + +
Mitigation
+

Upgrade to version: 7.5.10

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-3h5v-q93c-6h6q
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2024-37890
+Related Vulnerability URLs:
+- https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f
+- https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e
+- https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c
+- https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63
+- https://github.com/websockets/ws/issues/2230
+- https://github.com/websockets/ws/pull/2231
+- https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q
+- https://nodejs.org/api/http.html#servermaxheaderscount
+- https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f
+- https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e
+- https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c
+- https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63
+- https://github.com/websockets/ws/issues/2230
+- https://github.com/websockets/ws/pull/2231
+- https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q
+- https://nodejs.org/api/http.html#servermaxheaderscount

+ + + + + + + +
+
+
+
+ Finding 1223: GHSA-8hfj-j24r-96c4 in moment:2.0.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 0.61% + / + 68.93% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
moment2.0.0
+ + + + + + + +
File Path
/juice-shop/node_modules/express-jwt/node_modules/moment/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Path Traversal: 'dir/../../filename' in moment.locale
+Related Vulnerability Description: Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
+Matcher: javascript-matcher
+Package URL: pkg:npm/moment@2.0.0

+ + +
Mitigation
+

Upgrade to version: 2.29.2

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-8hfj-j24r-96c4
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2022-24785
+Related Vulnerability URLs:
+- https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5
+- https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4
+- https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html
+- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/
+- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/
+- https://security.netapp.com/advisory/ntap-20220513-0006/
+- https://www.tenable.com/security/tns-2022-09
+- https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5
+- https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4
+- https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html
+- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/
+- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/
+- https://security.netapp.com/advisory/ntap-20220513-0006/
+- https://www.tenable.com/security/tns-2022-09

+ + + + + + + +
+
+
+
+ Finding 1222: GHSA-35jh-r3h4-6jhm in lodash:2.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 0.86% + / + 74.26% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
lodash2.4.2
+ + + + + + + +
File Path
/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Command Injection in lodash
+Related Vulnerability Description: Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
+Matcher: javascript-matcher
+Package URL: pkg:npm/lodash@2.4.2

+ + +
Mitigation
+

Upgrade to version: 4.17.21

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-35jh-r3h4-6jhm
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2021-23337
+Related Vulnerability URLs:
+- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
+- https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851
+- https://security.netapp.com/advisory/ntap-20210312-0006/
+- https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
+- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
+- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
+- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
+- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
+- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
+- https://www.oracle.com//security-alerts/cpujul2021.html
+- https://www.oracle.com/security-alerts/cpujan2022.html
+- https://www.oracle.com/security-alerts/cpujul2022.html
+- https://www.oracle.com/security-alerts/cpuoct2021.html
+- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
+- https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851
+- https://security.netapp.com/advisory/ntap-20210312-0006/
+- https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
+- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
+- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
+- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
+- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
+- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
+- https://www.oracle.com//security-alerts/cpujul2021.html
+- https://www.oracle.com/security-alerts/cpujan2022.html
+- https://www.oracle.com/security-alerts/cpujul2022.html
+- https://www.oracle.com/security-alerts/cpuoct2021.html

+ + + + + + + +
+
+
+
+ Finding 1216: GHSA-2p57-rm9w-gvfp in ip:2.0.1 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 2.92% + / + 85.90% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
ip2.0.1
+ + + + + + + +
File Path
/juice-shop/node_modules/ip/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: ip SSRF improper categorization in isPublic
+Related Vulnerability Description: The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.
+Matcher: javascript-matcher
+Package URL: pkg:npm/ip@2.0.1

+ + + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-2p57-rm9w-gvfp
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2024-29415
+Related Vulnerability URLs:
+- https://github.com/indutny/node-ip/issues/150
+- https://github.com/indutny/node-ip/pull/143
+- https://github.com/indutny/node-ip/pull/144
+- https://github.com/indutny/node-ip/issues/150
+- https://github.com/indutny/node-ip/pull/143
+- https://github.com/indutny/node-ip/pull/144
+- https://security.netapp.com/advisory/ntap-20250117-0010/

+ + + + + + + +
+
+
+
+ Finding 1219: GHSA-p6mc-m468-83gw in lodash.set:4.3.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 2.44% + / + 84.63% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
lodash.set4.3.2
+ + + + + + + +
File Path
/juice-shop/node_modules/lodash.set/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Prototype Pollution in lodash
+Related Vulnerability Description: Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
+Matcher: javascript-matcher
+Package URL: pkg:npm/lodash.set@4.3.2

+ + + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-p6mc-m468-83gw
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2020-8203
+Related Vulnerability URLs:
+- https://github.com/lodash/lodash/issues/4874
+- https://hackerone.com/reports/712065
+- https://security.netapp.com/advisory/ntap-20200724-0006/
+- https://www.oracle.com//security-alerts/cpujul2021.html
+- https://www.oracle.com/security-alerts/cpuApr2021.html
+- https://www.oracle.com/security-alerts/cpuapr2022.html
+- https://www.oracle.com/security-alerts/cpujan2022.html
+- https://www.oracle.com/security-alerts/cpuoct2021.html
+- https://github.com/lodash/lodash/issues/4874
+- https://hackerone.com/reports/712065
+- https://security.netapp.com/advisory/ntap-20200724-0006/
+- https://www.oracle.com//security-alerts/cpujul2021.html
+- https://www.oracle.com/security-alerts/cpuApr2021.html
+- https://www.oracle.com/security-alerts/cpuapr2022.html
+- https://www.oracle.com/security-alerts/cpujan2022.html
+- https://www.oracle.com/security-alerts/cpuoct2021.html

+ + + + + + + +
+
+
+
+ Finding 1148: CVE-2022-23539 Jsonwebtoken 0.4.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 327 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jsonwebtoken0.4.0
+ + + + + + + +
File Path
juice-shop/node_modules/jsonwebtoken/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

+ + +
Description
+

jsonwebtoken: Unrestricted key type could lead to legacy keys usagen
+Target: Node.js
+Type: node-pkg
+Fixed version: 9.0.0

+

Versions <=8.5.1 of jsonwebtoken library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the allowInvalidAsymmetricKeyTypes option to true in the sign() and/or verify() functions.

+ + +
Mitigation
+

9.0.0

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2022-23539
+https://github.com/auth0/node-jsonwebtoken
+https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
+https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33
+https://nvd.nist.gov/vuln/detail/CVE-2022-23539
+https://security.netapp.com/advisory/ntap-20240621-0007
+https://security.netapp.com/advisory/ntap-20240621-0007/
+https://www.cve.org/CVERecord?id=CVE-2022-23539

+ + + + + + + +
+
+
+
+ Finding 1149: NSWG-ECO-17 Jsonwebtoken 0.4.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jsonwebtoken0.4.0
+ + + + + + + +
File Path
juice-shop/node_modules/jsonwebtoken/package.json
+
+
+
+ + + + + +
Description
+

Verification Bypass
+Target: Node.js
+Type: node-pkg
+Fixed version: >=4.2.2

+

It is possible for an attacker to bypass verification when "a token digitally signed with an asymetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family)" [1]

+ + +
Mitigation
+
+

=4.2.2

+
+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
+https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687
+https://www.timmclean.net/2015/02/25/jwt-alg-none.html

+ + + + + + + +
+
+
+
+ Finding 1109: javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 89 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
23
+ + + + + + + +
File Path
/src/routes/search.ts
+
+
+
+ + + + + +
Description
+

Result message: Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements.

+ + + + + + + + + + + + +
References
+

https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements

+ + + + + + + +
+
+
+
+ Finding 1110: javascript.lang.security.audit.code-string-concat.code-string-concat + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 95 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
62
+ + + + + + + +
File Path
/src/routes/userProfile.ts
+
+
+
+ + + + + +
Description
+

Result message: Found data from an Express or Next web request flowing to eval. If this data is user-controllable this can lead to execution of arbitrary system commands in the context of your application process. Avoid eval whenever possible.

+ + + + + + + + + + + + +
References
+

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval
+https://nodejs.org/api/child_process.html#child_processexeccommand-options-callback
+https://www.stackhawk.com/blog/nodejs-command-injection-examples-and-prevention/
+https://ckarande.gitbooks.io/owasp-nodegoat-tutorial/content/tutorial/a1_-_server_side_js_injection.html

+ + + + + + + +
+
+
+
+ Finding 1152: CVE-2016-1000223 JWS 0.2.6 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jws0.2.6
+ + + + + + + +
File Path
juice-shop/node_modules/jws/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

+ + +
Description
+

Forgeable Public/Private Tokens
+Target: Node.js
+Type: node-pkg
+Fixed version: >=3.0.0

+

Since "algorithm" isn't enforced in jws.verify(), a malicious user could choose what algorithm is sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.

+

In addition, there is the none algorithm to be concerned about. In versions prior to 3.0.0, verification of the token could be bypassed when the alg field is set to none.

+

Edit ( 7/29/16 ): A previous version of this advisory incorrectly stated that the vulnerability was patched in version 2.0.0 instead of 3.0.0. The advisory has been updated to reflect this new information. Thanks to Fabien Catteau for reporting the error.

+ + +
Mitigation
+
+

=3.0.0

+
+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries
+https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
+https://github.com/brianloveswords/node-jws
+https://github.com/brianloveswords/node-jws/commit/585d0e1e97b6747c10cf5b7689ccc5618a89b299#diff-4ac32a78649ca5bdd8e0ba38b7006a1e
+https://nvd.nist.gov/vuln/detail/CVE-2016-1000223
+https://snyk.io/vuln/npm:jws:20160726
+https://www.npmjs.com/advisories/88

+ + + + + + + +
+
+
+
+ Finding 1127: CVE-2019-9192 Libc6 2.36-9+deb12u10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 674 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libc62.36-9+deb12u10
+ + + + + + + +
File Path
bkimminich/juice-shop:v19.0.0 (debian 12.11)
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
+Target: bkimminich/juice-shop:v19.0.0 (debian 12.11)
+Type: debian
+Fixed version:

+

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\1\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern

+ + + + + + +
Impact
+

affected

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2019-9192
+https://nvd.nist.gov/vuln/detail/CVE-2019-9192
+https://sourceware.org/bugzilla/show_bug.cgi?id=24269
+https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS
+https://www.cve.org/CVERecord?id=CVE-2019-9192

+ + + + + + + +
+
+
+
+ Finding 1155: CVE-2021-23337 Lodash 2.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 94 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
lodash2.4.2
+ + + + + + + +
File Path
juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

+ + +
Description
+

nodejs-lodash: command injection via template
+Target: Node.js
+Type: node-pkg
+Fixed version: 4.17.21

+

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

+ + +
Mitigation
+

4.17.21

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2021-23337
+https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
+https://github.com/advisories/GHSA-35jh-r3h4-6jhm
+https://github.com/lodash/lodash
+https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js
+https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851
+https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851
+https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
+https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2021-23337.yml
+https://nvd.nist.gov/vuln/detail/CVE-2021-23337
+https://security.netapp.com/advisory/ntap-20210312-0006
+https://security.netapp.com/advisory/ntap-20210312-0006/
+https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
+https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
+https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
+https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
+https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
+https://snyk.io/vuln/SNYK-JS-LODASH-1040724
+https://www.cve.org/CVERecord?id=CVE-2021-23337
+https://www.oracle.com//security-alerts/cpujul2021.html
+https://www.oracle.com/security-alerts/cpujan2022.html
+https://www.oracle.com/security-alerts/cpujul2022.html
+https://www.oracle.com/security-alerts/cpuoct2021.html

+ + + + + + + +
+
+
+
+ Finding 1252: GHSA-4pg4-qvpc-4q3h in multer:1.4.5-lts.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 0.04% + / + 10.32% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
multer1.4.5-lts.2
+ + + + + + + +
File Path
/juice-shop/node_modules/multer/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Multer vulnerable to Denial of Service from maliciously crafted requests
+Related Vulnerability Description: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available.
+Matcher: javascript-matcher
+Package URL: pkg:npm/multer@1.4.5-lts.2

+ + +
Mitigation
+

Upgrade to version: 2.0.0

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-4pg4-qvpc-4q3h
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2025-47944
+Related Vulnerability URLs:
+- https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665
+- https://github.com/expressjs/multer/issues/1176
+- https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h

+ + + + + + + +
+
+
+
+ Finding 1105: javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 89 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
34
+ + + + + + + +
File Path
/src/routes/login.ts
+
+
+
+ + + + + +
Description
+

Result message: Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements.

+ + + + + + + + + + + + +
References
+

https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements

+ + + + + + + +
+
+
+
+ Finding 1096: javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 89 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
10
+ + + + + + + +
File Path
/src/data/static/codefixes/unionSqlInjectionChallenge_3.ts
+
+
+
+ + + + + +
Description
+

Result message: Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements.

+ + + + + + + + + + + + +
References
+

https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements

+ + + + + + + +
+
+
+
+ Finding 1264: CVE-2025-4802 in libc6:2.36-9+deb12u10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 0.01% + / + 0.91% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libc62.36-9+deb12u10
+ + + + + + + +
File Path
/var/lib/dpkg/status.d/libc6
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

+ + +
Description
+

Vulnerability Namespace: debian:distro:debian:12
+Vulnerability Description: Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
+Matcher: dpkg-matcher
+Package URL: pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc

+ + +
Mitigation
+

Upgrade to version: 2.36-9+deb12u11

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://security-tracker.debian.org/tracker/CVE-2025-4802
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2025-4802
+Related Vulnerability URLs:
+- https://sourceware.org/bugzilla/show_bug.cgi?id=32976
+- https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e
+- http://www.openwall.com/lists/oss-security/2025/05/16/7
+- http://www.openwall.com/lists/oss-security/2025/05/17/2

+ + + + + + + +
+
+
+
+ Finding 1159: CVE-2020-8203 lodash.set 4.3.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 770 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
lodash.set4.3.2
+ + + + + + + +
File Path
juice-shop/node_modules/lodash.set/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

+ + +
Description
+

nodejs-lodash: prototype pollution in zipObjectDeep function
+Target: Node.js
+Type: node-pkg
+Fixed version:

+

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

+ + + + + + +
Impact
+

affected

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2020-8203
+https://github.com/advisories/GHSA-p6mc-m468-83gw
+https://github.com/github/advisory-database/pull/2884
+https://github.com/lodash/lodash
+https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12
+https://github.com/lodash/lodash/issues/4744
+https://github.com/lodash/lodash/issues/4874
+https://github.com/lodash/lodash/wiki/Changelog#v41719
+https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-8203.yml
+https://hackerone.com/reports/712065
+https://hackerone.com/reports/864701
+https://nvd.nist.gov/vuln/detail/CVE-2020-8203
+https://security.netapp.com/advisory/ntap-20200724-0006
+https://security.netapp.com/advisory/ntap-20200724-0006/
+https://web.archive.org/web/20210914001339/https://github.com/lodash/lodash/issues/4744
+https://www.cve.org/CVERecord?id=CVE-2020-8203
+https://www.npmjs.com/advisories/1523
+https://www.oracle.com//security-alerts/cpujul2021.html
+https://www.oracle.com/security-alerts/cpuApr2021.html
+https://www.oracle.com/security-alerts/cpuapr2022.html
+https://www.oracle.com/security-alerts/cpujan2022.html
+https://www.oracle.com/security-alerts/cpuoct2021.html

+ + + + + + + +
+
+
+
+ Finding 1124: CVE-2019-1010023 Libc6 2.36-9+deb12u10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libc62.36-9+deb12u10
+ + + + + + + +
File Path
bkimminich/juice-shop:v19.0.0 (debian 12.11)
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

+ + +
Description
+

glibc: running ldd on malicious ELF leads to code execution because of wrong size computation
+Target: bkimminich/juice-shop:v19.0.0 (debian 12.11)
+Type: debian
+Fixed version:

+

GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

+ + + + + + +
Impact
+

affected

+ + + + + + + +
References
+

http://www.securityfocus.com/bid/109167
+https://access.redhat.com/security/cve/CVE-2019-1010023
+https://nvd.nist.gov/vuln/detail/CVE-2019-1010023
+https://security-tracker.debian.org/tracker/CVE-2019-1010023
+https://sourceware.org/bugzilla/show_bug.cgi?id=22851
+https://support.f5.com/csp/article/K11932200?utm_source=f5support&amp%3Butm_medium=RSS
+https://ubuntu.com/security/CVE-2019-1010023
+https://www.cve.org/CVERecord?id=CVE-2019-1010023

+ + + + + + + +
+
+
+
+ Finding 1132: NSWG-ECO-428 Base64url 0.0.6 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
base64url0.0.6
+ + + + + + + +
File Path
juice-shop/node_modules/base64url/package.json
+
+
+
+ + + + + +
Description
+

Out-of-bounds Read
+Target: Node.js
+Type: node-pkg
+Fixed version: >=3.0.0

+

base64url allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below

+ + +
Mitigation
+
+

=3.0.0

+
+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://github.com/brianloveswords/base64url/pull/25
+https://hackerone.com/reports/321687

+ + + + + + + +
+
+
+
+ Finding 1164: CVE-2022-24785 Moment 2.0.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 22 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
moment2.0.0
+ + + + + + + +
File Path
juice-shop/node_modules/express-jwt/node_modules/moment/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

+ + +
Description
+

Moment.js: Path traversal in moment.locale
+Target: Node.js
+Type: node-pkg
+Fixed version: 2.29.2

+

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.

+ + +
Mitigation
+

2.29.2

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2022-24785
+https://github.com/moment/moment
+https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5
+https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4
+https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html
+https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/
+https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/
+https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q
+https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5
+https://nvd.nist.gov/vuln/detail/CVE-2022-24785
+https://security.netapp.com/advisory/ntap-20220513-0006
+https://security.netapp.com/advisory/ntap-20220513-0006/
+https://ubuntu.com/security/notices/USN-5559-1
+https://www.cve.org/CVERecord?id=CVE-2022-24785
+https://www.tenable.com/security/tns-2022-09

+ + + + + + + +
+
+
+
+ Finding 1163: CVE-2017-18214 Moment 2.0.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 400 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
moment2.0.0
+ + + + + + + +
File Path
juice-shop/node_modules/express-jwt/node_modules/moment/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

nodejs-moment: Regular expression denial of service
+Target: Node.js
+Type: node-pkg
+Fixed version: 2.19.3

+

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.

+ + +
Mitigation
+

2.19.3

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2017-18214
+https://github.com/advisories/GHSA-446m-mv8f-q348
+https://github.com/moment/moment
+https://github.com/moment/moment/commit/69ed9d44957fa6ab12b73d2ae29d286a857b80eb
+https://github.com/moment/moment/issues/4163
+https://github.com/moment/moment/pull/4326
+https://nodesecurity.io/advisories/532
+https://nvd.nist.gov/vuln/detail/CVE-2017-18214
+https://ubuntu.com/security/notices/USN-4786-1
+https://www.cve.org/CVERecord?id=CVE-2017-18214
+https://www.npmjs.com/advisories/532
+https://www.tenable.com/security/tns-2019-02

+ + + + + + + +
+
+
+
+ Finding 1119: CVE-2025-4802 Libc6 2.36-9+deb12u10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 426 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libc62.36-9+deb12u10
+ + + + + + + +
File Path
bkimminich/juice-shop:v19.0.0 (debian 12.11)
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

+ + +
Description
+

glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
+Target: bkimminich/juice-shop:v19.0.0 (debian 12.11)
+Type: debian
+Fixed version: 2.36-9+deb12u11

+

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

+ + +
Mitigation
+

2.36-9+deb12u11

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

http://www.openwall.com/lists/oss-security/2025/05/16/7
+http://www.openwall.com/lists/oss-security/2025/05/17/2
+https://access.redhat.com/errata/RHSA-2025:8655
+https://access.redhat.com/security/cve/CVE-2025-4802
+https://bugzilla.redhat.com/2367468
+https://bugzilla.redhat.com/show_bug.cgi?id=2367468
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802
+https://errata.almalinux.org/9/ALSA-2025-8655.html
+https://errata.rockylinux.org/RLSA-2025:8686
+https://linux.oracle.com/cve/CVE-2025-4802.html
+https://linux.oracle.com/errata/ELSA-2025-8686.html
+https://nvd.nist.gov/vuln/detail/CVE-2025-4802
+https://sourceware.org/bugzilla/show_bug.cgi?id=32976
+https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e
+https://sourceware.org/cgit/glibc/commit/?id=5451fa962cd0a90a0e2ec1d8910a559ace02bba0
+https://ubuntu.com/security/notices/USN-7541-1
+https://www.cve.org/CVERecord?id=CVE-2025-4802
+https://www.openwall.com/lists/oss-security/2025/05/16/7
+https://www.openwall.com/lists/oss-security/2025/05/17/2

+ + + + + + + +
+
+
+
+ Finding 1166: CVE-2025-47935 Multer 1.4.5-lts.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 401 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
multer1.4.5-lts.2
+ + + + + + + +
File Path
juice-shop/node_modules/multer/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

Multer vulnerable to Denial of Service via memory leaks from unclosed streams
+Target: Node.js
+Type: node-pkg
+Fixed version: 2.0.0

+

Multer is a node.js middleware for handling multipart/form-data. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal busboy stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available.

+ + +
Mitigation
+

2.0.0

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://github.com/expressjs/multer
+https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665
+https://github.com/expressjs/multer/pull/1120
+https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5
+https://nvd.nist.gov/vuln/detail/CVE-2025-47935

+ + + + + + + +
+
+
+
+ Finding 1134: CVE-2024-4068 Braces 2.3.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 1050 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
braces2.3.2
+ + + + + + + +
File Path
juice-shop/node_modules/braces/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

braces: fails to limit the number of characters it can handle
+Target: Node.js
+Type: node-pkg
+Fixed version: 3.0.3

+

The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.

+ + +
Mitigation
+

3.0.3

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2024-4068
+https://devhub.checkmarx.com/cve-details/CVE-2024-4068
+https://devhub.checkmarx.com/cve-details/CVE-2024-4068/
+https://github.com/micromatch/braces
+https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308
+https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff
+https://github.com/micromatch/braces/issues/35
+https://github.com/micromatch/braces/pull/37
+https://github.com/micromatch/braces/pull/40
+https://nvd.nist.gov/vuln/detail/CVE-2024-4068
+https://www.cve.org/CVERecord?id=CVE-2024-4068

+ + + + + + + +
+
+
+
+ Finding 1167: CVE-2025-47944 Multer 1.4.5-lts.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 248 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
multer1.4.5-lts.2
+ + + + + + + +
File Path
juice-shop/node_modules/multer/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

Multer vulnerable to Denial of Service from maliciously crafted requests
+Target: Node.js
+Type: node-pkg
+Fixed version: 2.0.0

+

Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available.

+ + +
Mitigation
+

2.0.0

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://github.com/expressjs/multer
+https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665
+https://github.com/expressjs/multer/issues/1176
+https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h
+https://nvd.nist.gov/vuln/detail/CVE-2025-47944

+ + + + + + + +
+
+
+
+ Finding 1260: GHSA-fjgf-rc76-4x9p in multer:1.4.5-lts.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + High + + + + 0.02% + / + 3.19% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
multer1.4.5-lts.2
+ + + + + + + +
File Path
/juice-shop/node_modules/multer/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Multer vulnerable to Denial of Service via unhandled exception from malformed request
+Related Vulnerability Description: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available.
+Matcher: javascript-matcher
+Package URL: pkg:npm/multer@1.4.5-lts.2

+ + +
Mitigation
+

Upgrade to version: 2.0.2

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-fjgf-rc76-4x9p
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2025-7338
+Related Vulnerability URLs:
+- https://cna.openjsf.org/security-advisories.html
+- https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b
+- https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p

+ + + + + + + +
+
+
+
+ Finding 1169: CVE-2025-7338 Multer 1.4.5-lts.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 248 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
multer1.4.5-lts.2
+ + + + + + + +
File Path
juice-shop/node_modules/multer/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

multer: Multer Denial of Service
+Target: Node.js
+Type: node-pkg
+Fixed version: 2.0.2

+

Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available.

+ + +
Mitigation
+

2.0.2

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2025-7338
+https://cna.openjsf.org/security-advisories.html
+https://github.com/expressjs/multer
+https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b
+https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p
+https://nvd.nist.gov/vuln/detail/CVE-2025-7338
+https://www.cve.org/CVERecord?id=CVE-2025-7338

+ + + + + + + +
+
+
+
+ Finding 1171: CVE-2022-25887 Sanitize-HTML 1.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 1333 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
sanitize-html1.4.2
+ + + + + + + +
File Path
juice-shop/node_modules/sanitize-html/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

sanitize-html: insecure global regular expression replacement logic may lead to ReDoS
+Target: Node.js
+Type: node-pkg
+Fixed version: 2.7.1

+

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.

+ + +
Mitigation
+

2.7.1

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2022-25887
+https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c
+https://github.com/apostrophecms/sanitize-html/pull/557
+https://nvd.nist.gov/vuln/detail/CVE-2022-25887
+https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3008102
+https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526
+https://ubuntu.com/security/notices/USN-7464-1
+https://www.cve.org/CVERecord?id=CVE-2022-25887

+ + + + + + + +
+
+
+
+ Finding 1094: javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 89 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
11
+ + + + + + + +
File Path
/src/data/static/codefixes/dbSchemaChallenge_3.ts
+
+
+
+ + + + + +
Description
+

Result message: Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements.

+ + + + + + + + + + + + +
References
+

https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements

+ + + + + + + +
+
+
+
+ Finding 1138: CVE-2020-15084 Express-JWT 0.1.3 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 285 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
express-jwt0.1.3
+ + + + + + + +
File Path
juice-shop/node_modules/express-jwt/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

+ + +
Description
+

Authorization bypass in express-jwt
+Target: Node.js
+Type: node-pkg
+Fixed version: 6.0.0

+

In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have algorithms configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as the secret. You can fix this by specifying algorithms in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0.

+ + +
Mitigation
+

6.0.0

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef
+https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf
+https://nvd.nist.gov/vuln/detail/CVE-2020-15084

+ + + + + + + +
+
+
+
+ Finding 1095: javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 89 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
6
+ + + + + + + +
File Path
/src/data/static/codefixes/unionSqlInjectionChallenge_1.ts
+
+
+
+ + + + + +
Description
+

Result message: Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements.

+ + + + + + + + + + + + +
References
+

https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements

+ + + + + + + +
+
+
+
+ Finding 1140: CVE-2022-25881 HTTP-Cache-Semantics 3.8.1 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 1333 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
http-cache-semantics3.8.1
+ + + + + + + +
File Path
juice-shop/node_modules/http-cache-semantics/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
+Target: Node.js
+Type: node-pkg
+Fixed version: 4.1.1

+

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

+ + +
Mitigation
+

4.1.1

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/errata/RHSA-2023:2655
+https://access.redhat.com/security/cve/CVE-2022-25881
+https://bugzilla.redhat.com/2165824
+https://bugzilla.redhat.com/2168631
+https://bugzilla.redhat.com/2171935
+https://bugzilla.redhat.com/2172190
+https://bugzilla.redhat.com/2172204
+https://bugzilla.redhat.com/2172217
+https://bugzilla.redhat.com/show_bug.cgi?id=2165824
+https://bugzilla.redhat.com/show_bug.cgi?id=2168631
+https://bugzilla.redhat.com/show_bug.cgi?id=2171935
+https://bugzilla.redhat.com/show_bug.cgi?id=2172190
+https://bugzilla.redhat.com/show_bug.cgi?id=2172204
+https://bugzilla.redhat.com/show_bug.cgi?id=2172217
+https://bugzilla.redhat.com/show_bug.cgi?id=2178076
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25881
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4904
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23918
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23936
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24807
+https://errata.almalinux.org/9/ALSA-2023-2655.html
+https://errata.rockylinux.org/RLSA-2023:2655
+https://github.com/kornelski/http-cache-semantics
+https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83
+https://github.com/kornelski/http-cache-semantics/commit/560b2d8ef452bbba20ffed69dc155d63ac757b74
+https://linux.oracle.com/cve/CVE-2022-25881.html
+https://linux.oracle.com/errata/ELSA-2023-2655.html
+https://nvd.nist.gov/vuln/detail/CVE-2022-25881
+https://security.netapp.com/advisory/ntap-20230622-0008
+https://security.netapp.com/advisory/ntap-20230622-0008/
+https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332
+https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783
+https://www.cve.org/CVERecord?id=CVE-2022-25881

+ + + + + + + +
+
+
+
+ Finding 1141: CVE-2024-29415 Ip 2.0.1 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 918 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
ip2.0.1
+ + + + + + + +
File Path
juice-shop/node_modules/ip/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

+ + +
Description
+

node-ip: Incomplete fix for CVE-2023-42282
+Target: Node.js
+Type: node-pkg
+Fixed version:

+

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.

+ + + + + + +
Impact
+

affected

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2024-29415
+https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html
+https://github.com/indutny/node-ip
+https://github.com/indutny/node-ip/issues/150
+https://github.com/indutny/node-ip/pull/143
+https://github.com/indutny/node-ip/pull/144
+https://nvd.nist.gov/vuln/detail/CVE-2024-29415
+https://security.netapp.com/advisory/ntap-20250117-0010
+https://security.netapp.com/advisory/ntap-20250117-0010/
+https://www.cve.org/CVERecord?id=CVE-2024-29415

+ + + + + + + +
+
+
+
+ Finding 1179: CVE-2024-38355 socket.io 3.1.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 20 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
socket.io3.1.2
+ + + + + + + +
File Path
juice-shop/node_modules/socket.io/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

+ + +
Description
+

socket.io: Unhandled 'error' event
+Target: Node.js
+Type: node-pkg
+Fixed version: 2.5.1, 4.6.2

+

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit 15af22fc22 which has been included in socket.io@4.6.2 (released in May 2023). The fix was backported in the 2.x branch as well with commit d30630ba10. Users are advised to upgrade. Users unable to upgrade may attach a listener for the "error" event to catch these errors.

+ + +
Mitigation
+

2.5.1, 4.6.2

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2024-38355
+https://github.com/socketio/socket.io
+https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115
+https://github.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c
+https://github.com/socketio/socket.io/security/advisories/GHSA-25hc-qcg6-38wj
+https://nvd.nist.gov/vuln/detail/CVE-2024-38355
+https://www.cve.org/CVERecord?id=CVE-2024-38355
+https://www.vicarius.io/vsociety/posts/unhandled-exception-in-socketio-cve-2024-38355

+ + + + + + + +
+
+
+
+ Finding 1180: CVE-2023-32695 socket.io-parser 4.0.5 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 20 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
socket.io-parser4.0.5
+ + + + + + + +
File Path
juice-shop/node_modules/socket.io-parser/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

+ + +
Description
+

socket.io parser is a socket.io encoder and decoder written in JavaScr ...
+Target: Node.js
+Type: node-pkg
+Fixed version: 4.2.3, 3.4.3, 3.3.4

+

socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.

+ + +
Mitigation
+

4.2.3, 3.4.3, 3.3.4

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://github.com/socketio/socket.io-parser
+https://github.com/socketio/socket.io-parser/commit/1c220ddbf45ea4b44bc8dbf6f9ae245f672ba1b9
+https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced
+https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3
+https://github.com/socketio/socket.io-parser/commit/ee006607495eca4ec7262ad080dd3a91439a5ba4
+https://github.com/socketio/socket.io-parser/releases/tag/4.2.3
+https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9
+https://nvd.nist.gov/vuln/detail/CVE-2023-32695

+ + + + + + + +
+
+
+
+ Finding 1143: CVE-2022-23539 Jsonwebtoken 0.1.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 327 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jsonwebtoken0.1.0
+ + + + + + + +
File Path
juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

+ + +
Description
+

jsonwebtoken: Unrestricted key type could lead to legacy keys usagen
+Target: Node.js
+Type: node-pkg
+Fixed version: 9.0.0

+

Versions <=8.5.1 of jsonwebtoken library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the allowInvalidAsymmetricKeyTypes option to true in the sign() and/or verify() functions.

+ + +
Mitigation
+

9.0.0

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2022-23539
+https://github.com/auth0/node-jsonwebtoken
+https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
+https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33
+https://nvd.nist.gov/vuln/detail/CVE-2022-23539
+https://security.netapp.com/advisory/ntap-20240621-0007
+https://security.netapp.com/advisory/ntap-20240621-0007/
+https://www.cve.org/CVERecord?id=CVE-2022-23539

+ + + + + + + +
+
+
+
+ Finding 1182: CVE-2025-59343 Tar-Fs 2.1.3 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + High + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 22 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
tar-fs2.1.3
+ + + + + + + +
File Path
juice-shop/node_modules/tar-fs/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

+ + +
Description
+

tar-fs: tar-fs symlink validation bypass
+Target: Node.js
+Type: node-pkg
+Fixed version: 3.1.1, 2.1.4, 1.16.6

+

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories.

+ + +
Mitigation
+

3.1.1, 2.1.4, 1.16.6

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2025-59343
+https://github.com/mafintosh/tar-fs
+https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09
+https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v
+https://nvd.nist.gov/vuln/detail/CVE-2025-59343
+https://www.cve.org/CVERecord?id=CVE-2025-59343

+ + + + + + + +

Medium

+ +
+
+
+
+ Finding 1229: GHSA-3j7m-hmh3-9jmp in sanitize-html:1.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.33% + / + 55.21% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
sanitize-html1.4.2
+ + + + + + + +
File Path
/juice-shop/node_modules/sanitize-html/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Cross-Site Scripting in sanitize-html
+Related Vulnerability Description: sanitize-html before 1.4.3 has XSS.
+Matcher: javascript-matcher
+Package URL: pkg:npm/sanitize-html@1.4.2

+ + +
Mitigation
+

Upgrade to version: 1.4.3

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-3j7m-hmh3-9jmp
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2016-1000237
+Related Vulnerability URLs:
+- https://nodesecurity.io/advisories/135
+- https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000237.json
+- https://nodesecurity.io/advisories/135
+- https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000237.json

+ + + + + + + +
+
+
+
+ Finding 1097: generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 79 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
17
+ + + + + + + +
File Path
/src/frontend/src/app/navbar/navbar.component.html
+
+
+
+ + + + + +
Description
+

Result message: Detected a unquoted template variable as an attribute. If unquoted, a malicious actor could inject custom JavaScript handlers. To fix this, add quotes around the template expression, like this: "{{ expr }}".

+ + + + + + + + + + + + +
References
+

https://flask.palletsprojects.com/en/1.1.x/security/#cross-site-scripting-xss

+ + + + + + + +
+
+
+
+ Finding 1098: generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 79 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
15
+ + + + + + + +
File Path
/src/frontend/src/app/purchase-basket/purchase-basket.component.html
+
+
+
+ + + + + +
Description
+

Result message: Detected a unquoted template variable as an attribute. If unquoted, a malicious actor could inject custom JavaScript handlers. To fix this, add quotes around the template expression, like this: "{{ expr }}".

+ + + + + + + + + + + + +
References
+

https://flask.palletsprojects.com/en/1.1.x/security/#cross-site-scripting-xss

+ + + + + + + +
+
+
+
+ Finding 1099: generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 79 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
40
+ + + + + + + +
File Path
/src/frontend/src/app/search-result/search-result.component.html
+
+
+
+ + + + + +
Description
+

Result message: Detected a unquoted template variable as an attribute. If unquoted, a malicious actor could inject custom JavaScript handlers. To fix this, add quotes around the template expression, like this: "{{ expr }}".

+ + + + + + + + + + + + +
References
+

https://flask.palletsprojects.com/en/1.1.x/security/#cross-site-scripting-xss

+ + + + + + + +
+
+
+
+ Finding 1100: javascript.jsonwebtoken.security.jwt-hardcode.hardcoded-jwt-secret + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 798 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
56
+ + + + + + + +
File Path
/src/lib/insecurity.ts
+
+
+
+ + + + + +
Description
+

Result message: A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).

+ + + + + + + + + + + + +
References
+

https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html

+ + + + + + + +
+
+
+
+ Finding 1101: javascript.express.security.injection.raw-html-format.raw-html-format + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 79 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
197
+ + + + + + + +
File Path
/src/routes/chatbot.ts
+
+
+
+ + + + + +
Description
+

Result message: User data flows into the host portion of this manually-constructed HTML. This can introduce a Cross-Site-Scripting (XSS) vulnerability if this comes from user-provided input. Consider using a sanitization library such as DOMPurify to sanitize the HTML within.

+ + + + + + + + + + + + +
References
+

https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html

+ + + + + + + +
+
+
+
+ Finding 1102: javascript.express.security.audit.express-res-sendfile.express-res-sendfile + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 73 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
33
+ + + + + + + +
File Path
/src/routes/fileServer.ts
+
+
+
+ + + + + +
Description
+

Result message: The application processes user-input, this is passed to res.sendFile which can allow an attacker to arbitrarily read files on the system through path traversal. It is recommended to perform input validation in addition to canonicalizing the path. This allows you to validate the path against the intended directory it should be accessing.

+ + + + + + + + + + + + +
References
+

https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html

+ + + + + + + +
+
+
+
+ Finding 1103: javascript.express.security.audit.express-res-sendfile.express-res-sendfile + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 73 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
14
+ + + + + + + +
File Path
/src/routes/keyServer.ts
+
+
+
+ + + + + +
Description
+

Result message: The application processes user-input, this is passed to res.sendFile which can allow an attacker to arbitrarily read files on the system through path traversal. It is recommended to perform input validation in addition to canonicalizing the path. This allows you to validate the path against the intended directory it should be accessing.

+ + + + + + + + + + + + +
References
+

https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html

+ + + + + + + +
+
+
+
+ Finding 1104: javascript.express.security.audit.express-res-sendfile.express-res-sendfile + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 73 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
14
+ + + + + + + +
File Path
/src/routes/logfileServer.ts
+
+
+
+ + + + + +
Description
+

Result message: The application processes user-input, this is passed to res.sendFile which can allow an attacker to arbitrarily read files on the system through path traversal. It is recommended to perform input validation in addition to canonicalizing the path. This allows you to validate the path against the intended directory it should be accessing.

+ + + + + + + + + + + + +
References
+

https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html

+ + + + + + + +
+
+
+
+ Finding 1106: javascript.express.security.audit.express-res-sendfile.express-res-sendfile + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 73 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
14
+ + + + + + + +
File Path
/src/routes/quarantineServer.ts
+
+
+
+ + + + + +
Description
+

Result message: The application processes user-input, this is passed to res.sendFile which can allow an attacker to arbitrarily read files on the system through path traversal. It is recommended to perform input validation in addition to canonicalizing the path. This allows you to validate the path against the intended directory it should be accessing.

+ + + + + + + + + + + + +
References
+

https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html

+ + + + + + + +
+
+
+
+ Finding 1107: javascript.express.security.audit.possible-user-input-redirect.unknown-value-in-redirect + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 601 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
19
+ + + + + + + +
File Path
/src/routes/redirect.ts
+
+
+
+ + + + + +
Description
+

Result message: It looks like 'toUrl' is read from user input and it is used to as a redirect. Ensure 'toUrl' is not externally controlled, otherwise this is an open redirect.

+ + + + + + + + + + + + +
References
+

https://owasp.org/Top10/A01_2021-Broken_Access_Control

+ + + + + + + +
+
+
+
+ Finding 1108: javascript.express.security.audit.express-open-redirect.express-open-redirect + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 601 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
19
+ + + + + + + +
File Path
/src/routes/redirect.ts
+
+
+
+ + + + + +
Description
+

Result message: The application redirects to a URL specified by user-supplied input query that is not validated. This could redirect users to malicious locations. Consider using an allow-list approach to validate URLs, or warn users they are being redirected to a third-party website.

+ + + + + + + + + + + + +
References
+

https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html

+ + + + + + + +
+
+
+
+ Finding 1111: javascript.lang.security.audit.unknown-value-with-script-tag.unknown-value-with-script-tag + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 79 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
58
+ + + + + + + +
File Path
/src/routes/videoHandler.ts
+
+
+
+ + + + + +
Description
+

Result message: Cannot determine what 'subs' is and it is used with a '<script>' tag. This could be susceptible to cross-site scripting (XSS). Ensure 'subs' is not externally controlled, or sanitize this data.

+ + + + + + + + + + + + +
References
+

https://www.developsec.com/2017/11/09/xss-in-a-script-tag/
+https://github.com/juice-shop/juice-shop/blob/1ceb8751e986dacd3214a618c37e7411be6bc11a/routes/videoHandler.ts#L68

+ + + + + + + +
+
+
+
+ Finding 1112: javascript.lang.security.audit.unknown-value-with-script-tag.unknown-value-with-script-tag + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 79 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
71
+ + + + + + + +
File Path
/src/routes/videoHandler.ts
+
+
+
+ + + + + +
Description
+

Result message: Cannot determine what 'subs' is and it is used with a '<script>' tag. This could be susceptible to cross-site scripting (XSS). Ensure 'subs' is not externally controlled, or sanitize this data.

+ + + + + + + + + + + + +
References
+

https://www.developsec.com/2017/11/09/xss-in-a-script-tag/
+https://github.com/juice-shop/juice-shop/blob/1ceb8751e986dacd3214a618c37e7411be6bc11a/routes/videoHandler.ts#L68

+ + + + + + + +
+
+
+
+ Finding 1113: javascript.express.security.audit.express-check-directory-listing.express-check-directory-listing + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 548 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
269
+ + + + + + + +
File Path
/src/server.ts
+
+
+
+ + + + + +
Description
+

Result message: Directory listing/indexing is enabled, which may lead to disclosure of sensitive directories and files. It is recommended to disable directory listing unless it is a public resource. If you need directory listing, ensure that sensitive files are inaccessible when querying the resource.

+ + + + + + + + + + + + +
References
+

https://www.npmjs.com/package/serve-index
+https://www.acunetix.com/blog/articles/directory-listing-information-disclosure/

+ + + + + + + +
+
+
+
+ Finding 1114: javascript.express.security.audit.express-check-directory-listing.express-check-directory-listing + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 548 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
273
+ + + + + + + +
File Path
/src/server.ts
+
+
+
+ + + + + +
Description
+

Result message: Directory listing/indexing is enabled, which may lead to disclosure of sensitive directories and files. It is recommended to disable directory listing unless it is a public resource. If you need directory listing, ensure that sensitive files are inaccessible when querying the resource.

+ + + + + + + + + + + + +
References
+

https://www.npmjs.com/package/serve-index
+https://www.acunetix.com/blog/articles/directory-listing-information-disclosure/

+ + + + + + + +
+
+
+
+ Finding 1115: javascript.express.security.audit.express-check-directory-listing.express-check-directory-listing + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 548 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
277
+ + + + + + + +
File Path
/src/server.ts
+
+
+
+ + + + + +
Description
+

Result message: Directory listing/indexing is enabled, which may lead to disclosure of sensitive directories and files. It is recommended to disable directory listing unless it is a public resource. If you need directory listing, ensure that sensitive files are inaccessible when querying the resource.

+ + + + + + + + + + + + +
References
+

https://www.npmjs.com/package/serve-index
+https://www.acunetix.com/blog/articles/directory-listing-information-disclosure/

+ + + + + + + +
+
+
+
+ Finding 1116: javascript.express.security.audit.express-check-directory-listing.express-check-directory-listing + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 548 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
281
+ + + + + + + +
File Path
/src/server.ts
+
+
+
+ + + + + +
Description
+

Result message: Directory listing/indexing is enabled, which may lead to disclosure of sensitive directories and files. It is recommended to disable directory listing unless it is a public resource. If you need directory listing, ensure that sensitive files are inaccessible when querying the resource.

+ + + + + + + + + + + + +
References
+

https://www.npmjs.com/package/serve-index
+https://www.acunetix.com/blog/articles/directory-listing-information-disclosure/

+ + + + + + + +
+
+
+
+ Finding 1117: generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin) + + 79 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
21
+ + + + + + + +
File Path
/src/views/dataErasureForm.hbs
+
+
+
+ + + + + +
Description
+

Result message: Detected a unquoted template variable as an attribute. If unquoted, a malicious actor could inject custom JavaScript handlers. To fix this, add quotes around the template expression, like this: "{{ expr }}".

+ + + + + + + + + + + + +
References
+

https://flask.palletsprojects.com/en/1.1.x/security/#cross-site-scripting-xss

+ + + + + + + +
+
+
+
+ Finding 1118: CVE-2022-27943 GCC-12-Base 12.2.0-14+deb12u1 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 674 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
gcc-12-base12.2.0-14+deb12u1
+ + + + + + + +
File Path
bkimminich/juice-shop:v19.0.0 (debian 12.11)
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

+ + +
Description
+

binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const
+Target: bkimminich/juice-shop:v19.0.0 (debian 12.11)
+Type: debian
+Fixed version:

+

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

+ + + + + + +
Impact
+

affected

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2022-27943
+https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039
+https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371
+https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79
+https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead
+https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html
+https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/
+https://nvd.nist.gov/vuln/detail/CVE-2022-27943
+https://sourceware.org/bugzilla/show_bug.cgi?id=28995
+https://www.cve.org/CVERecord?id=CVE-2022-27943

+ + + + + + + +
+
+
+
+ Finding 1120: CVE-2025-8058 Libc6 2.36-9+deb12u10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 415 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libc62.36-9+deb12u10
+ + + + + + + +
File Path
bkimminich/juice-shop:v19.0.0 (debian 12.11)
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

+ + +
Description
+

glibc: Double free in glibc
+Target: bkimminich/juice-shop:v19.0.0 (debian 12.11)
+Type: debian
+Fixed version: 2.36-9+deb12u13

+

The regcomp function in the GNU C library version from 2.4 to 2.41 is
+subject to a double free if some previous allocation fails. It can be
+accomplished either by a malloc failure or by using an interposed malloc
+ that injects random malloc failures. The double free can allow buffer
+manipulation depending of how the regex is constructed. This issue
+affects all architectures and ABIs supported by the GNU C library.

+ + +
Mitigation
+

2.36-9+deb12u13

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/errata/RHSA-2025:12980
+https://access.redhat.com/security/cve/CVE-2025-8058
+https://bugzilla.redhat.com/2383146
+https://bugzilla.redhat.com/show_bug.cgi?id=2383146
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058
+https://errata.almalinux.org/8/ALSA-2025-12980.html
+https://errata.rockylinux.org/RLSA-2025:12980
+https://linux.oracle.com/cve/CVE-2025-8058.html
+https://linux.oracle.com/errata/ELSA-2025-20595.html
+https://nvd.nist.gov/vuln/detail/CVE-2025-8058
+https://sourceware.org/bugzilla/show_bug.cgi?id=33185
+https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2025-0005
+https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f
+https://ubuntu.com/security/notices/USN-7760-1
+https://www.cve.org/CVERecord?id=CVE-2025-8058

+ + + + + + + +
+
+
+
+ Finding 1121: CVE-2010-4756 Libc6 2.36-9+deb12u10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 399 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libc62.36-9+deb12u10
+ + + + + + + +
File Path
bkimminich/juice-shop:v19.0.0 (debian 12.11)
+
+
+
+ + + + + +
Description
+

glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions
+Target: bkimminich/juice-shop:v19.0.0 (debian 12.11)
+Type: debian
+Fixed version:

+

The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

+ + + + + + +
Impact
+

affected

+ + + + + + + +
References
+

http://cxib.net/stuff/glob-0day.c
+http://securityreason.com/achievement_securityalert/89
+http://securityreason.com/exploitalert/9223
+https://access.redhat.com/security/cve/CVE-2010-4756
+https://bugzilla.redhat.com/show_bug.cgi?id=681681
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756
+https://nvd.nist.gov/vuln/detail/CVE-2010-4756
+https://www.cve.org/CVERecord?id=CVE-2010-4756

+ + + + + + + +
+
+
+
+ Finding 1125: CVE-2019-1010024 Libc6 2.36-9+deb12u10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 200 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libc62.36-9+deb12u10
+ + + + + + + +
File Path
bkimminich/juice-shop:v19.0.0 (debian 12.11)
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

+ + +
Description
+

glibc: ASLR bypass using cache of thread stack and heap
+Target: bkimminich/juice-shop:v19.0.0 (debian 12.11)
+Type: debian
+Fixed version:

+

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.

+ + + + + + +
Impact
+

affected

+ + + + + + + +
References
+

http://www.securityfocus.com/bid/109162
+https://access.redhat.com/security/cve/CVE-2019-1010024
+https://nvd.nist.gov/vuln/detail/CVE-2019-1010024
+https://security-tracker.debian.org/tracker/CVE-2019-1010024
+https://sourceware.org/bugzilla/show_bug.cgi?id=22852
+https://support.f5.com/csp/article/K06046097
+https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS
+https://ubuntu.com/security/CVE-2019-1010024
+https://www.cve.org/CVERecord?id=CVE-2019-1010024

+ + + + + + + +
+
+
+
+ Finding 1126: CVE-2019-1010025 Libc6 2.36-9+deb12u10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 330 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libc62.36-9+deb12u10
+ + + + + + + +
File Path
bkimminich/juice-shop:v19.0.0 (debian 12.11)
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

+ + +
Description
+

glibc: information disclosure of heap addresses of pthread_created thread
+Target: bkimminich/juice-shop:v19.0.0 (debian 12.11)
+Type: debian
+Fixed version:

+

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.

+ + + + + + +
Impact
+

affected

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2019-1010025
+https://nvd.nist.gov/vuln/detail/CVE-2019-1010025
+https://security-tracker.debian.org/tracker/CVE-2019-1010025
+https://sourceware.org/bugzilla/show_bug.cgi?id=22853
+https://support.f5.com/csp/article/K06046097
+https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS
+https://ubuntu.com/security/CVE-2019-1010025
+https://www.cve.org/CVERecord?id=CVE-2019-1010025

+ + + + + + + +
+
+
+
+ Finding 1128: CVE-2022-27943 Libgcc-S1 12.2.0-14+deb12u1 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 674 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libgcc-s112.2.0-14+deb12u1
+ + + + + + + +
File Path
bkimminich/juice-shop:v19.0.0 (debian 12.11)
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

+ + +
Description
+

binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const
+Target: bkimminich/juice-shop:v19.0.0 (debian 12.11)
+Type: debian
+Fixed version:

+

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

+ + + + + + +
Impact
+

affected

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2022-27943
+https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039
+https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371
+https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79
+https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead
+https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html
+https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/
+https://nvd.nist.gov/vuln/detail/CVE-2022-27943
+https://sourceware.org/bugzilla/show_bug.cgi?id=28995
+https://www.cve.org/CVERecord?id=CVE-2022-27943

+ + + + + + + +
+
+
+
+ Finding 1129: CVE-2022-27943 Libgomp1 12.2.0-14+deb12u1 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 674 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libgomp112.2.0-14+deb12u1
+ + + + + + + +
File Path
bkimminich/juice-shop:v19.0.0 (debian 12.11)
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

+ + +
Description
+

binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const
+Target: bkimminich/juice-shop:v19.0.0 (debian 12.11)
+Type: debian
+Fixed version:

+

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

+ + + + + + +
Impact
+

affected

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2022-27943
+https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039
+https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371
+https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79
+https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead
+https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html
+https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/
+https://nvd.nist.gov/vuln/detail/CVE-2022-27943
+https://sourceware.org/bugzilla/show_bug.cgi?id=28995
+https://www.cve.org/CVERecord?id=CVE-2022-27943

+ + + + + + + +
+
+
+
+ Finding 1131: CVE-2022-27943 Libstdc++6 12.2.0-14+deb12u1 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 674 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libstdc++612.2.0-14+deb12u1
+ + + + + + + +
File Path
bkimminich/juice-shop:v19.0.0 (debian 12.11)
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

+ + +
Description
+

binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const
+Target: bkimminich/juice-shop:v19.0.0 (debian 12.11)
+Type: debian
+Fixed version:

+

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

+ + + + + + +
Impact
+

affected

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2022-27943
+https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039
+https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371
+https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79
+https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead
+https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html
+https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/
+https://nvd.nist.gov/vuln/detail/CVE-2022-27943
+https://sourceware.org/bugzilla/show_bug.cgi?id=28995
+https://www.cve.org/CVERecord?id=CVE-2022-27943

+ + + + + + + +
+
+
+
+ Finding 1133: GHSA-rvg8-pwq2-xj7q Base64url 0.0.6 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
base64url0.0.6
+ + + + + + + +
File Path
juice-shop/node_modules/base64url/package.json
+
+
+
+ + + + + +
Description
+

Out-of-bounds Read in base64url
+Target: Node.js
+Type: node-pkg
+Fixed version: 3.0.0

+

Versions of base64url before 3.0.0 are vulnerable to to out-of-bounds reads as it allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below.

+

Recommendation

+

Update to version 3.0.0 or later.

+ + +
Mitigation
+

3.0.0

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://github.com/brianloveswords/base64url
+https://github.com/brianloveswords/base64url/commit/4fbd954a0a69e9d898de2146557cc6e893e79542
+https://github.com/brianloveswords/base64url/pull/25
+https://hackerone.com/reports/321687

+ + + + + + + +
+
+
+
+ Finding 1137: CVE-2022-41940 engine.io 4.1.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 248 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
engine.io4.1.2
+ + + + + + + +
File Path
juice-shop/node_modules/engine.io/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

engine.io: Specially crafted HTTP request can trigger an uncaught exception
+Target: Node.js
+Type: node-pkg
+Fixed version: 3.6.1, 6.2.1

+

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io package, including those who uses depending packages like socket.io. There is no known workaround except upgrading to a safe version. There are patches for this issue released in versions 3.6.1 and 6.2.1.

+ + +
Mitigation
+

3.6.1, 6.2.1

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2022-41940
+https://github.com/socketio/engine.io
+https://github.com/socketio/engine.io/commit/425e833ab13373edf1dd5a0706f07100db14e3c6
+https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085
+https://github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w
+https://nvd.nist.gov/vuln/detail/CVE-2022-41940
+https://www.cve.org/CVERecord?id=CVE-2022-41940

+ + + + + + + +
+
+
+
+ Finding 1139: CVE-2022-33987 Got 8.3.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
got8.3.2
+ + + + + + + +
File Path
juice-shop/node_modules/got/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

+ + +
Description
+

nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets
+Target: Node.js
+Type: node-pkg
+Fixed version: 12.1.0, 11.8.5

+

The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.

+ + +
Mitigation
+

12.1.0, 11.8.5

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/errata/RHSA-2022:6595
+https://access.redhat.com/security/cve/CVE-2022-33987
+https://bugzilla.redhat.com/1907444
+https://bugzilla.redhat.com/1945459
+https://bugzilla.redhat.com/1964461
+https://bugzilla.redhat.com/2007557
+https://bugzilla.redhat.com/2098556
+https://bugzilla.redhat.com/2102001
+https://bugzilla.redhat.com/2105422
+https://bugzilla.redhat.com/2105426
+https://bugzilla.redhat.com/2105428
+https://bugzilla.redhat.com/2105430
+https://errata.almalinux.org/9/ALSA-2022-6595.html
+https://github.com/sindresorhus/got
+https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc
+https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0
+https://github.com/sindresorhus/got/pull/2047
+https://github.com/sindresorhus/got/releases/tag/v11.8.5
+https://github.com/sindresorhus/got/releases/tag/v12.1.0
+https://linux.oracle.com/cve/CVE-2022-33987.html
+https://linux.oracle.com/errata/ELSA-2022-6595.html
+https://nvd.nist.gov/vuln/detail/CVE-2022-33987
+https://www.cve.org/CVERecord?id=CVE-2022-33987

+ + + + + + + +
+
+
+
+ Finding 1145: CVE-2022-23540 Jsonwebtoken 0.1.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 287 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jsonwebtoken0.1.0
+ + + + + + + +
File Path
juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

+ + +
Description
+

jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass
+Target: Node.js
+Type: node-pkg
+Fixed version: 9.0.0

+

In versions <=8.5.1 of jsonwebtoken library, lack of algorithm definition in the jwt.verify() function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification. Users are affected if you do not specify algorithms in the jwt.verify() function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the jwt.verify() method. There will be no impact, if you update to version 9.0.0 and you don’t need to allow for the none algorithm. If you need 'none' algorithm, you have to explicitly specify that in jwt.verify() options.

+ + +
Mitigation
+

9.0.0

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2022-23540
+https://github.com/auth0/node-jsonwebtoken
+https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
+https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6
+https://nvd.nist.gov/vuln/detail/CVE-2022-23540
+https://security.netapp.com/advisory/ntap-20240621-0007
+https://security.netapp.com/advisory/ntap-20240621-0007/
+https://www.cve.org/CVERecord?id=CVE-2022-23540

+ + + + + + + +
+
+
+
+ Finding 1146: CVE-2022-23541 Jsonwebtoken 0.1.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 287 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jsonwebtoken0.1.0
+ + + + + + + +
File Path
juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

+ + +
Description
+

jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
+Target: Node.js
+Type: node-pkg
+Fixed version: 9.0.0

+

jsonwebtoken is an implementation of JSON Web Tokens. Versions <= 8.5.1 of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function referring to the secretOrPublicKey argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0.

+ + +
Mitigation
+

9.0.0

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2022-23541
+https://github.com/auth0/node-jsonwebtoken
+https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
+https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0
+https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959
+https://nvd.nist.gov/vuln/detail/CVE-2022-23541
+https://security.netapp.com/advisory/ntap-20240621-0007
+https://security.netapp.com/advisory/ntap-20240621-0007/
+https://www.cve.org/CVERecord?id=CVE-2022-23541

+ + + + + + + +
+
+
+
+ Finding 1150: CVE-2022-23540 Jsonwebtoken 0.4.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 287 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jsonwebtoken0.4.0
+ + + + + + + +
File Path
juice-shop/node_modules/jsonwebtoken/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

+ + +
Description
+

jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass
+Target: Node.js
+Type: node-pkg
+Fixed version: 9.0.0

+

In versions <=8.5.1 of jsonwebtoken library, lack of algorithm definition in the jwt.verify() function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification. Users are affected if you do not specify algorithms in the jwt.verify() function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the jwt.verify() method. There will be no impact, if you update to version 9.0.0 and you don’t need to allow for the none algorithm. If you need 'none' algorithm, you have to explicitly specify that in jwt.verify() options.

+ + +
Mitigation
+

9.0.0

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2022-23540
+https://github.com/auth0/node-jsonwebtoken
+https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
+https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6
+https://nvd.nist.gov/vuln/detail/CVE-2022-23540
+https://security.netapp.com/advisory/ntap-20240621-0007
+https://security.netapp.com/advisory/ntap-20240621-0007/
+https://www.cve.org/CVERecord?id=CVE-2022-23540

+ + + + + + + +
+
+
+
+ Finding 1151: CVE-2022-23541 Jsonwebtoken 0.4.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 287 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jsonwebtoken0.4.0
+ + + + + + + +
File Path
juice-shop/node_modules/jsonwebtoken/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

+ + +
Description
+

jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
+Target: Node.js
+Type: node-pkg
+Fixed version: 9.0.0

+

jsonwebtoken is an implementation of JSON Web Tokens. Versions <= 8.5.1 of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function referring to the secretOrPublicKey argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0.

+ + +
Mitigation
+

9.0.0

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2022-23541
+https://github.com/auth0/node-jsonwebtoken
+https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
+https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0
+https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959
+https://nvd.nist.gov/vuln/detail/CVE-2022-23541
+https://security.netapp.com/advisory/ntap-20240621-0007
+https://security.netapp.com/advisory/ntap-20240621-0007/
+https://www.cve.org/CVERecord?id=CVE-2022-23541

+ + + + + + + +
+
+
+
+ Finding 1154: CVE-2018-16487 Lodash 2.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 400 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
lodash2.4.2
+ + + + + + + +
File Path
juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

+ + +
Description
+

lodash: Prototype pollution in utilities function
+Target: Node.js
+Type: node-pkg
+Fixed version: >=4.17.11

+

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

+ + +
Mitigation
+
+

=4.17.11

+
+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2018-16487
+https://github.com/advisories/GHSA-4xc9-xhrj-v574
+https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad
+https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2018-16487.yml
+https://hackerone.com/reports/380873
+https://nvd.nist.gov/vuln/detail/CVE-2018-16487
+https://security.netapp.com/advisory/ntap-20190919-0004
+https://security.netapp.com/advisory/ntap-20190919-0004/
+https://www.cve.org/CVERecord?id=CVE-2018-16487
+https://www.npmjs.com/advisories/782

+ + + + + + + +
+
+
+
+ Finding 1156: CVE-2019-1010266 Lodash 2.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 400 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
lodash2.4.2
+ + + + + + + +
File Path
juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

lodash: uncontrolled resource consumption in Data handler causing denial of service
+Target: Node.js
+Type: node-pkg
+Fixed version: 4.17.11

+

lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.

+ + +
Mitigation
+

4.17.11

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2019-1010266
+https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
+https://github.com/lodash/lodash/commit/5c08f18d365b64063bfbfa686cbb97cdd6267347
+https://github.com/lodash/lodash/issues/3359
+https://github.com/lodash/lodash/wiki/Changelog
+https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2019-1010266.yml
+https://nvd.nist.gov/vuln/detail/CVE-2019-1010266
+https://security.netapp.com/advisory/ntap-20190919-0004
+https://security.netapp.com/advisory/ntap-20190919-0004/
+https://snyk.io/vuln/SNYK-JS-LODASH-73639
+https://www.cve.org/CVERecord?id=CVE-2019-1010266

+ + + + + + + +
+
+
+
+ Finding 1157: CVE-2020-28500 Lodash 2.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
lodash2.4.2
+ + + + + + + +
File Path
juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

+ + +
Description
+

nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
+Target: Node.js
+Type: node-pkg
+Fixed version: 4.17.21

+

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

+ + +
Mitigation
+

4.17.21

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2020-28500
+https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
+https://github.com/advisories/GHSA-29mw-wpgm-hmr9
+https://github.com/lodash/lodash
+https://github.com/lodash/lodash/blob/npm/trimEnd.js
+https://github.com/lodash/lodash/blob/npm/trimEnd.js#L8
+https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8
+https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a
+https://github.com/lodash/lodash/pull/5065
+https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7
+https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-28500.yml
+https://nvd.nist.gov/vuln/detail/CVE-2020-28500
+https://security.netapp.com/advisory/ntap-20210312-0006
+https://security.netapp.com/advisory/ntap-20210312-0006/
+https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896
+https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894
+https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892
+https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
+https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893
+https://snyk.io/vuln/SNYK-JS-LODASH-1018905
+https://www.cve.org/CVERecord?id=CVE-2020-28500
+https://www.oracle.com//security-alerts/cpujul2021.html
+https://www.oracle.com/security-alerts/cpujan2022.html
+https://www.oracle.com/security-alerts/cpujul2022.html
+https://www.oracle.com/security-alerts/cpuoct2021.html

+ + + + + + + +
+
+
+
+ Finding 1158: CVE-2018-3721 Lodash 2.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 471 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
lodash2.4.2
+ + + + + + + +
File Path
juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

+ + +
Description
+

lodash: Prototype pollution in utilities function
+Target: Node.js
+Type: node-pkg
+Fixed version: >=4.17.5

+

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.

+ + +
Mitigation
+
+

=4.17.5

+
+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2018-3721
+https://github.com/advisories/GHSA-fvqr-27wr-82fm
+https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
+https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2018-3721.yml
+https://hackerone.com/reports/310443
+https://nvd.nist.gov/vuln/detail/CVE-2018-3721
+https://security.netapp.com/advisory/ntap-20190919-0004
+https://security.netapp.com/advisory/ntap-20190919-0004/
+https://snyk.io/vuln/npm:lodash:20180130
+https://www.cve.org/CVERecord?id=CVE-2018-3721
+https://www.npmjs.com/advisories/577

+ + + + + + + +
+
+
+
+ Finding 1178: NSWG-ECO-154 Sanitize-HTML 1.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
sanitize-html1.4.2
+ + + + + + + +
File Path
juice-shop/node_modules/sanitize-html/package.json
+
+
+
+ + + + + +
Description
+

Cross Site Scripting
+Target: Node.js
+Type: node-pkg
+Fixed version: >=1.11.4

+

Sanitize-html is a library for scrubbing html input of malicious values.

+

Versions 1.11.1 and below are vulnerable to cross site scripting (XSS) in certain scenarios:

+

If allowed at least one nonTextTags, the result is a potential XSS vulnerability.
+PoC:

+
var sanitizeHtml = require('sanitize-html');
+
+var dirty = '!<textarea>&lt;/textarea&gt;<svg/onload=prompt`xs`&gt;</textarea>!';
+var clean = sanitizeHtml(dirty, {
+    allowedTags: [ 'textarea' ]
+});
+
+console.log(clean);
+
+// !<textarea></textarea><svg/onload=prompt`xs`></textarea>!
+
+ + +
Mitigation
+
+

=1.11.4

+
+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403
+https://github.com/punkave/sanitize-html/issues/100

+ + + + + + + +
+
+
+
+ Finding 1162: CVE-2024-4067 Micromatch 3.1.10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 1333 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
micromatch3.1.10
+ + + + + + + +
File Path
juice-shop/node_modules/micromatch/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

+ + +
Description
+

micromatch: vulnerable to Regular Expression Denial of Service
+Target: Node.js
+Type: node-pkg
+Fixed version: 4.0.8

+

The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in micromatch.braces() in index.js because the pattern .* will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.

+ + +
Mitigation
+

4.0.8

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2024-4067
+https://advisory.checkmarx.net/advisory/CVE-2024-4067
+https://advisory.checkmarx.net/advisory/CVE-2024-4067/
+https://devhub.checkmarx.com/cve-details/CVE-2024-4067
+https://devhub.checkmarx.com/cve-details/CVE-2024-4067/
+https://github.com/micromatch/micromatch
+https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448
+https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade
+https://github.com/micromatch/micromatch/commit/500d5d6f42f0e8dfa1cb5464c6cb420b1b6aaaa0
+https://github.com/micromatch/micromatch/issues/243
+https://github.com/micromatch/micromatch/pull/247
+https://github.com/micromatch/micromatch/pull/266
+https://github.com/micromatch/micromatch/releases/tag/4.0.8
+https://nvd.nist.gov/vuln/detail/CVE-2024-4067
+https://www.cve.org/CVERecord?id=CVE-2024-4067

+ + + + + + + +
+
+
+
+ Finding 1165: CVE-2016-4055 Moment 2.0.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 400 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
moment2.0.0
+ + + + + + + +
File Path
juice-shop/node_modules/express-jwt/node_modules/moment/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

moment.js: regular expression denial of service
+Target: Node.js
+Type: node-pkg
+Fixed version: >=2.11.2

+

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."

+ + +
Mitigation
+
+

=2.11.2

+
+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

http://www.openwall.com/lists/oss-security/2016/04/20/11
+http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
+http://www.securityfocus.com/bid/95849
+https://access.redhat.com/security/cve/CVE-2016-4055
+https://github.com/advisories/GHSA-87vv-r9j6-g5qv
+https://github.com/moment/moment
+https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E
+https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E
+https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E
+https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E
+https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E
+https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E
+https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E
+https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E
+https://nodesecurity.io/advisories/55
+https://nvd.nist.gov/vuln/detail/CVE-2016-4055
+https://ubuntu.com/security/notices/USN-4786-1
+https://www.cve.org/CVERecord?id=CVE-2016-4055
+https://www.npmjs.com/advisories/55
+https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS
+https://www.tenable.com/security/tns-2019-02

+ + + + + + + +
+
+
+
+ Finding 1190: Secret Detected in /juice-shop/frontend/src/app/last-login-ip/last-login-ip.component.spec.ts - JWT Token + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
61
+ + + + + + + +
File Path
/juice-shop/frontend/src/app/last-login-ip/last-login-ip.component.spec.ts
+
+
+
+ + + + + +
Description
+

JWT token
+Category: JWT
+Match: ocalStorage.setItem('token', '*******************')

+ + + + + + + + + + + + + + + + + + +
+
+
+
+ Finding 1168: CVE-2025-48997 Multer 1.4.5-lts.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 248 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
multer1.4.5-lts.2
+ + + + + + + +
File Path
juice-shop/node_modules/multer/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

+ + +
Description
+

multer: Multer vulnerable to Denial of Service via unhandled exception
+Target: Node.js
+Type: node-pkg
+Fixed version: 2.0.1

+

Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to 2.0.1 to receive a patch. No known workarounds are available.

+ + +
Mitigation
+

2.0.1

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2025-48997
+https://github.com/expressjs/multer
+https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9
+https://github.com/expressjs/multer/issues/1233
+https://github.com/expressjs/multer/pull/1256
+https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg
+https://nvd.nist.gov/vuln/detail/CVE-2025-48997
+https://www.cve.org/CVERecord?id=CVE-2025-48997

+ + + + + + + +
+
+
+
+ Finding 1170: CVE-2021-23771 Notevil 1.3.3 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 1321 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
notevil1.3.3
+ + + + + + + +
File Path
juice-shop/node_modules/notevil/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

+ + +
Description
+

Sandbox escape in notevil and argencoders-notevil
+Target: Node.js
+Type: node-pkg
+Fixed version:

+

This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. Note: This vulnerability derives from an incomplete fix in SNYK-JS-NOTEVIL-608878.

+ + + + + + +
Impact
+

affected

+ + + + + + + +
References
+

https://github.com/mmckegg/notevil
+https://nvd.nist.gov/vuln/detail/CVE-2021-23771
+https://snyk.io/vuln/SNYK-JS-ARGENCODERSNOTEVIL-2388587
+https://snyk.io/vuln/SNYK-JS-NOTEVIL-2385946

+ + + + + + + +
+
+
+
+ Finding 1172: CVE-2016-1000237 Sanitize-HTML 1.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 79 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
sanitize-html1.4.2
+ + + + + + + +
File Path
juice-shop/node_modules/sanitize-html/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

+ + +
Description
+

XSS - Sanitization not applied recursively
+Target: Node.js
+Type: node-pkg
+Fixed version: >=1.4.3

+

sanitize-html before 1.4.3 has XSS.

+ + +
Mitigation
+
+

=1.4.3

+
+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://github.com/apostrophecms/sanitize-html/commit/762fbc7bba389f3f789cc291c1eb2b64f60f2caf
+https://github.com/apostrophecms/sanitize-html/issues/29
+https://github.com/punkave/sanitize-html/issues/29
+https://nodesecurity.io/advisories/135
+https://nvd.nist.gov/vuln/detail/CVE-2016-1000237
+https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000237.json
+https://www.npmjs.com/advisories/135

+ + + + + + + +
+
+
+
+ Finding 1173: CVE-2017-16016 Sanitize-HTML 1.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 79 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
sanitize-html1.4.2
+ + + + + + + +
File Path
juice-shop/node_modules/sanitize-html/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

+ + +
Description
+

Cross-Site Scripting in sanitize-html
+Target: Node.js
+Type: node-pkg
+Fixed version: 1.11.4

+

Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting (XSS) in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability.

+ + +
Mitigation
+

1.11.4

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://github.com/advisories/GHSA-xc6g-ggrc-qq4r
+https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403
+https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403)))
+https://github.com/punkave/sanitize-html/issues/100
+https://nodesecurity.io/advisories/154
+https://npmjs.com/package/sanitize-html#discarding-the-entire-contents-of-a-disallowed-tag
+https://nvd.nist.gov/vuln/detail/CVE-2017-16016
+https://www.npmjs.com/advisories/154

+ + + + + + + +
+
+
+
+ Finding 1174: CVE-2019-25225 Sanitize-HTML 1.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 79 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
sanitize-html1.4.2
+ + + + + + + +
File Path
juice-shop/node_modules/sanitize-html/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

+ + +
Description
+

sanitize-html: sanitize-html cross site scripting
+Target: Node.js
+Type: node-pkg
+Fixed version: 2.0.0-beta

+

sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The sanitizeHtml() function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed into executable code.

+ + +
Mitigation
+

2.0.0-beta

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2019-25225
+https://github.com/Checkmarx/Vulnerabilities-Proofs-of-Concept/tree/main/2019/CVE-2019-25225
+https://github.com/apostrophecms/sanitize-html
+https://github.com/apostrophecms/sanitize-html/commit/712cb6895825c8bb6ede71a16b42bade42abcaf3
+https://github.com/apostrophecms/sanitize-html/issues/293
+https://github.com/apostrophecms/sanitize-html/pull/156
+https://nvd.nist.gov/vuln/detail/CVE-2019-25225
+https://www.cve.org/CVERecord?id=CVE-2019-25225

+ + + + + + + +
+
+
+
+ Finding 1175: CVE-2021-26539 Sanitize-HTML 1.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
sanitize-html1.4.2
+ + + + + + + +
File Path
juice-shop/node_modules/sanitize-html/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

+ + +
Description
+

sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation
+Target: Node.js
+Type: node-pkg
+Fixed version: 2.3.1

+

Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.

+ + +
Mitigation
+

2.3.1

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2021-26539
+https://advisory.checkmarx.net/advisory/CX-2021-4308
+https://github.com/apostrophecms/sanitize-html
+https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#231-2021-01-22
+https://github.com/apostrophecms/sanitize-html/commit/bdf7836ef8f0e5b21f9a1aab0623ae8fcd09c1da
+https://github.com/apostrophecms/sanitize-html/pull/458
+https://nvd.nist.gov/vuln/detail/CVE-2021-26539
+https://www.cve.org/CVERecord?id=CVE-2021-26539

+ + + + + + + +
+
+
+
+ Finding 1176: CVE-2021-26540 Sanitize-HTML 1.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
sanitize-html1.4.2
+ + + + + + + +
File Path
juice-shop/node_modules/sanitize-html/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

+ + +
Description
+

sanitize-html: improper validation of hostnames set by the "allowedIframeHostnames" option can lead to bypass hostname whitelist for iframe element
+Target: Node.js
+Type: node-pkg
+Fixed version: 2.3.2

+

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\example.com".

+ + +
Mitigation
+

2.3.2

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2021-26540
+https://advisory.checkmarx.net/advisory/CX-2021-4309
+https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26
+https://github.com/apostrophecms/sanitize-html/pull/460
+https://nvd.nist.gov/vuln/detail/CVE-2021-26540
+https://www.cve.org/CVERecord?id=CVE-2021-26540

+ + + + + + + +
+
+
+
+ Finding 1177: CVE-2024-21501 Sanitize-HTML 1.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 200 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
sanitize-html1.4.2
+ + + + + + + +
File Path
juice-shop/node_modules/sanitize-html/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

+ + +
Description
+

sanitize-html: Information Exposure when used on the backend
+Target: Node.js
+Type: node-pkg
+Fixed version: 2.12.1

+

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.

+ + +
Mitigation
+

2.12.1

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2024-21501
+https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf
+https://github.com/apostrophecms/apostrophe/discussions/4436
+https://github.com/apostrophecms/sanitize-html
+https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4
+https://github.com/apostrophecms/sanitize-html/pull/650
+https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EB5JPYRCTS64EA5AMV3INHDPI6I4AW7
+https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EB5JPYRCTS64EA5AMV3INHDPI6I4AW7/
+https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4I5X6V3LYUNBMZ5YOW4BV427TH3IK4S
+https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4I5X6V3LYUNBMZ5YOW4BV427TH3IK4S/
+https://nvd.nist.gov/vuln/detail/CVE-2024-21501
+https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6276557
+https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334
+https://www.cve.org/CVERecord?id=CVE-2024-21501

+ + + + + + + +
+
+
+
+ Finding 1181: CVE-2024-28863 Tar 4.4.19 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 400 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
tar4.4.19
+ + + + + + + +
File Path
juice-shop/node_modules/node-pre-gyp/node_modules/tar/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

+ + +
Description
+

node-tar: denial of service while parsing a tar file due to lack of folders depth validation
+Target: Node.js
+Type: node-pkg
+Fixed version: 6.2.1

+

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.

+ + +
Mitigation
+

6.2.1

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/errata/RHSA-2024:6147
+https://access.redhat.com/security/cve/CVE-2024-28863
+https://bugzilla.redhat.com/2293200
+https://bugzilla.redhat.com/2296417
+https://errata.almalinux.org/9/ALSA-2024-6147.html
+https://github.com/isaacs/node-tar
+https://github.com/isaacs/node-tar/commit/fe8cd57da5686f8695415414bda49206a545f7f7
+https://github.com/isaacs/node-tar/commit/fe8cd57da5686f8695415414bda49206a545f7f7 (v6.2.1)
+https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36
+https://linux.oracle.com/cve/CVE-2024-28863.html
+https://linux.oracle.com/errata/ELSA-2024-6148.html
+https://nvd.nist.gov/vuln/detail/CVE-2024-28863
+https://security.netapp.com/advisory/ntap-20240524-0005
+https://security.netapp.com/advisory/ntap-20240524-0005/
+https://www.cve.org/CVERecord?id=CVE-2024-28863

+ + + + + + + +
+
+
+
+ Finding 1186: CVE-2023-32313 Vm2 3.9.17 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Medium + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 74 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
vm23.9.17
+ + + + + + + +
File Path
juice-shop/node_modules/vm2/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

+ + +
Description
+

vm2: Inspect Manipulation
+Target: Node.js
+Type: node-pkg
+Fixed version: 3.9.18

+

vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node inspect method and edit options for console.log. As a result a threat actor can edit options for the console.log command. This vulnerability was patched in the release of version 3.9.18 of vm2. Users are advised to upgrade. Users unable to upgrade may make the inspect method readonly with vm.readonly(inspect) after creating a vm.

+ + +
Mitigation
+

3.9.18

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2023-32313
+https://gist.github.com/arkark/c1c57eaf3e0a649af1a70c2b93b17550
+https://github.com/patriksimek/vm2
+https://github.com/patriksimek/vm2/commit/5206ba25afd86ef547a2c9d48d46ca7a9e6ec238
+https://github.com/patriksimek/vm2/releases/tag/3.9.18
+https://github.com/patriksimek/vm2/security/advisories/GHSA-p5gc-c584-jj6v
+https://nvd.nist.gov/vuln/detail/CVE-2023-32313
+https://www.cve.org/CVERecord?id=CVE-2023-32313

+ + + + + + + +
+
+
+
+ Finding 1189: Secret Detected in /juice-shop/frontend/src/app/app.guard.spec.ts - JWT Token + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + +
Line Number
38
+ + + + + + + +
File Path
/juice-shop/frontend/src/app/app.guard.spec.ts
+
+
+
+ + + + + +
Description
+

JWT token
+Category: JWT
+Match: ocalStorage.setItem('token', '***********************')

+ + + + + + + + + + + + + + + + + + +
+
+
+
+ Finding 1217: GHSA-87vv-r9j6-g5qv in moment:2.0.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 3.85% + / + 87.74% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
moment2.0.0
+ + + + + + + +
File Path
/juice-shop/node_modules/express-jwt/node_modules/moment/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Regular Expression Denial of Service in moment
+Related Vulnerability Description: The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
+Matcher: javascript-matcher
+Package URL: pkg:npm/moment@2.0.0

+ + +
Mitigation
+

Upgrade to version: 2.11.2

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-87vv-r9j6-g5qv
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2016-4055
+Related Vulnerability URLs:
+- http://www.openwall.com/lists/oss-security/2016/04/20/11
+- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
+- http://www.securityfocus.com/bid/95849
+- https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E
+- https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E
+- https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E
+- https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E
+- https://nodesecurity.io/advisories/55
+- https://www.tenable.com/security/tns-2019-02
+- http://www.openwall.com/lists/oss-security/2016/04/20/11
+- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
+- http://www.securityfocus.com/bid/95849
+- https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E
+- https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E
+- https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E
+- https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E
+- https://nodesecurity.io/advisories/55
+- https://www.tenable.com/security/tns-2019-02

+ + + + + + + +
+
+
+
+ Finding 1218: GHSA-r7qp-cfhv-p84w in engine.io:4.1.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 3.33% + / + 86.80% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
engine.io4.1.2
+ + + + + + + +
File Path
/juice-shop/node_modules/engine.io/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Uncaught exception in engine.io
+Related Vulnerability Description: Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io package, including those who uses depending packages like socket.io. There is no known workaround except upgrading to a safe version. There are patches for this issue released in versions 3.6.1 and 6.2.1.
+Matcher: javascript-matcher
+Package URL: pkg:npm/engine.io@4.1.2

+ + +
Mitigation
+

Upgrade to version: 6.2.1

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-r7qp-cfhv-p84w
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2022-41940
+Related Vulnerability URLs:
+- https://github.com/socketio/engine.io/commit/425e833ab13373edf1dd5a0706f07100db14e3c6
+- https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085
+- https://github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w
+- https://github.com/socketio/engine.io/commit/425e833ab13373edf1dd5a0706f07100db14e3c6
+- https://github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085
+- https://github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w

+ + + + + + + +
+
+
+
+ Finding 1221: GHSA-rm97-x556-q36h in sanitize-html:1.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 1.34% + / + 79.35% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
sanitize-html1.4.2
+ + + + + + + +
File Path
/juice-shop/node_modules/sanitize-html/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: sanitize-html Information Exposure vulnerability
+Related Vulnerability Description: Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.
+Matcher: javascript-matcher
+Package URL: pkg:npm/sanitize-html@1.4.2

+ + +
Mitigation
+

Upgrade to version: 2.12.1

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-rm97-x556-q36h
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2024-21501
+Related Vulnerability URLs:
+- https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf
+- https://github.com/apostrophecms/apostrophe/discussions/4436
+- https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4
+- https://github.com/apostrophecms/sanitize-html/pull/650
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EB5JPYRCTS64EA5AMV3INHDPI6I4AW7/
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4I5X6V3LYUNBMZ5YOW4BV427TH3IK4S/
+- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6276557
+- https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334
+- https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf
+- https://github.com/apostrophecms/apostrophe/discussions/4436
+- https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4
+- https://github.com/apostrophecms/sanitize-html/pull/650
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EB5JPYRCTS64EA5AMV3INHDPI6I4AW7/
+- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4I5X6V3LYUNBMZ5YOW4BV427TH3IK4S/
+- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6276557
+- https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334

+ + + + + + + +
+
+
+
+ Finding 1224: GHSA-pfrx-2q88-qq97 in got:8.3.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.79% + / + 73.04% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
got8.3.2
+ + + + + + + +
File Path
/juice-shop/node_modules/got/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Got allows a redirect to a UNIX socket
+Related Vulnerability Description: The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
+Matcher: javascript-matcher
+Package URL: pkg:npm/got@8.3.2

+ + +
Mitigation
+

Upgrade to version: 11.8.5

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-pfrx-2q88-qq97
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2022-33987
+Related Vulnerability URLs:
+- https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0
+- https://github.com/sindresorhus/got/pull/2047
+- https://github.com/sindresorhus/got/releases/tag/v11.8.5
+- https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0
+- https://github.com/sindresorhus/got/pull/2047
+- https://github.com/sindresorhus/got/releases/tag/v11.8.5

+ + + + + + + +
+
+
+
+ Finding 1235: GHSA-fvqr-27wr-82fm in lodash:2.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.22% + / + 44.79% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
lodash2.4.2
+ + + + + + + +
File Path
/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Prototype Pollution in lodash
+Related Vulnerability Description: lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.
+Matcher: javascript-matcher
+Package URL: pkg:npm/lodash@2.4.2

+ + +
Mitigation
+

Upgrade to version: 4.17.5

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-fvqr-27wr-82fm
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2018-3721
+Related Vulnerability URLs:
+- https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
+- https://hackerone.com/reports/310443
+- https://security.netapp.com/advisory/ntap-20190919-0004/
+- https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
+- https://hackerone.com/reports/310443
+- https://security.netapp.com/advisory/ntap-20190919-0004/

+ + + + + + + +
+
+
+
+ Finding 1226: GHSA-p5gc-c584-jj6v in vm2:3.9.17 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.65% + / + 70.05% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
vm23.9.17
+ + + + + + + +
File Path
/juice-shop/node_modules/vm2/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: vm2 vulnerable to Inspect Manipulation
+Related Vulnerability Description: vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node inspect method and edit options for console.log. As a result a threat actor can edit options for the console.log command. This vulnerability was patched in the release of version 3.9.18 of vm2. Users are advised to upgrade. Users unable to upgrade may make the inspect method readonly with vm.readonly(inspect) after creating a vm.
+Matcher: javascript-matcher
+Package URL: pkg:npm/vm2@3.9.17

+ + +
Mitigation
+

Upgrade to version: 3.9.18

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-p5gc-c584-jj6v
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2023-32313
+Related Vulnerability URLs:
+- https://gist.github.com/arkark/c1c57eaf3e0a649af1a70c2b93b17550
+- https://github.com/patriksimek/vm2/commit/5206ba25afd86ef547a2c9d48d46ca7a9e6ec238
+- https://github.com/patriksimek/vm2/releases/tag/3.9.18
+- https://github.com/patriksimek/vm2/security/advisories/GHSA-p5gc-c584-jj6v
+- https://gist.github.com/arkark/c1c57eaf3e0a649af1a70c2b93b17550
+- https://github.com/patriksimek/vm2/commit/5206ba25afd86ef547a2c9d48d46ca7a9e6ec238
+- https://github.com/patriksimek/vm2/releases/tag/3.9.18
+- https://github.com/patriksimek/vm2/security/advisories/GHSA-p5gc-c584-jj6v

+ + + + + + + +
+
+
+
+ Finding 1230: GHSA-8g4m-cjm2-96wq in notevil:1.3.3 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.30% + / + 53.23% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
notevil1.3.3
+ + + + + + + +
File Path
/juice-shop/node_modules/notevil/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Sandbox escape in notevil and argencoders-notevil
+Related Vulnerability Description: This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. Note: This vulnerability derives from an incomplete fix in SNYK-JS-NOTEVIL-608878.
+Matcher: javascript-matcher
+Package URL: pkg:npm/notevil@1.3.3

+ + + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-8g4m-cjm2-96wq
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2021-23771
+Related Vulnerability URLs:
+- https://snyk.io/vuln/SNYK-JS-ARGENCODERSNOTEVIL-2388587
+- https://snyk.io/vuln/SNYK-JS-NOTEVIL-2385946
+- https://snyk.io/vuln/SNYK-JS-ARGENCODERSNOTEVIL-2388587
+- https://snyk.io/vuln/SNYK-JS-NOTEVIL-2385946

+ + + + + + + +
+
+
+
+ Finding 1232: GHSA-mjxr-4v3x-q3m4 in sanitize-html:1.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.29% + / + 51.97% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
sanitize-html1.4.2
+ + + + + + + +
File Path
/juice-shop/node_modules/sanitize-html/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Improper Input Validation in sanitize-html
+Related Vulnerability Description: Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\example.com".
+Matcher: javascript-matcher
+Package URL: pkg:npm/sanitize-html@1.4.2

+ + +
Mitigation
+

Upgrade to version: 2.3.2

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-mjxr-4v3x-q3m4
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2021-26540
+Related Vulnerability URLs:
+- https://advisory.checkmarx.net/advisory/CX-2021-4309
+- https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26
+- https://github.com/apostrophecms/sanitize-html/pull/460
+- https://advisory.checkmarx.net/advisory/CX-2021-4309
+- https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26
+- https://github.com/apostrophecms/sanitize-html/pull/460

+ + + + + + + +
+
+
+
+ Finding 1233: GHSA-rjqq-98f6-6j3r in sanitize-html:1.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.29% + / + 51.97% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
sanitize-html1.4.2
+ + + + + + + +
File Path
/juice-shop/node_modules/sanitize-html/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Improper Input Validation in sanitize-html
+Related Vulnerability Description: Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.
+Matcher: javascript-matcher
+Package URL: pkg:npm/sanitize-html@1.4.2

+ + +
Mitigation
+

Upgrade to version: 2.3.1

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-rjqq-98f6-6j3r
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2021-26539
+Related Vulnerability URLs:
+- https://advisory.checkmarx.net/advisory/CX-2021-4308
+- https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#231-2021-01-22
+- https://github.com/apostrophecms/sanitize-html/pull/458
+- https://advisory.checkmarx.net/advisory/CX-2021-4308
+- https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#231-2021-01-22
+- https://github.com/apostrophecms/sanitize-html/pull/458

+ + + + + + + +
+
+
+
+ Finding 1234: GHSA-xc6g-ggrc-qq4r in sanitize-html:1.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.29% + / + 51.75% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
sanitize-html1.4.2
+ + + + + + + +
File Path
/juice-shop/node_modules/sanitize-html/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Cross-Site Scripting in sanitize-html
+Related Vulnerability Description: Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting (XSS) in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability.
+Matcher: javascript-matcher
+Package URL: pkg:npm/sanitize-html@1.4.2

+ + +
Mitigation
+

Upgrade to version: 1.11.4

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-xc6g-ggrc-qq4r
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2017-16016
+Related Vulnerability URLs:
+- https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403
+- https://github.com/punkave/sanitize-html/issues/100
+- https://nodesecurity.io/advisories/154
+- https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403
+- https://github.com/punkave/sanitize-html/issues/100
+- https://nodesecurity.io/advisories/154

+ + + + + + + +
+
+
+
+ Finding 1237: GHSA-f5x3-32g6-xq36 in tar:4.4.19 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.21% + / + 42.89% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
tar4.4.19
+ + + + + + + +
File Path
/juice-shop/node_modules/node-pre-gyp/node_modules/tar/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Denial of service while parsing a tar file due to lack of folders count validation
+Related Vulnerability Description: node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.
+Matcher: javascript-matcher
+Package URL: pkg:npm/tar@4.4.19

+ + +
Mitigation
+

Upgrade to version: 6.2.1

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-f5x3-32g6-xq36
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2024-28863
+Related Vulnerability URLs:
+- https://github.com/isaacs/node-tar/commit/fe8cd57da5686f8695415414bda49206a545f7f7
+- https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36
+- https://security.netapp.com/advisory/ntap-20240524-0005/
+- https://github.com/isaacs/node-tar/commit/fe8cd57da5686f8695415414bda49206a545f7f7
+- https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36
+- https://security.netapp.com/advisory/ntap-20240524-0005/

+ + + + + + + +
+
+
+
+ Finding 1238: GHSA-29mw-wpgm-hmr9 in lodash:2.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.20% + / + 42.67% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
lodash2.4.2
+ + + + + + + +
File Path
/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Regular Expression Denial of Service (ReDoS) in lodash
+Related Vulnerability Description: Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
+Matcher: javascript-matcher
+Package URL: pkg:npm/lodash@2.4.2

+ + +
Mitigation
+

Upgrade to version: 4.17.21

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-29mw-wpgm-hmr9
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2020-28500
+Related Vulnerability URLs:
+- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
+- https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8
+- https://github.com/lodash/lodash/pull/5065
+- https://security.netapp.com/advisory/ntap-20210312-0006/
+- https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896
+- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894
+- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892
+- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
+- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893
+- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
+- https://www.oracle.com//security-alerts/cpujul2021.html
+- https://www.oracle.com/security-alerts/cpujan2022.html
+- https://www.oracle.com/security-alerts/cpujul2022.html
+- https://www.oracle.com/security-alerts/cpuoct2021.html
+- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
+- https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8
+- https://github.com/lodash/lodash/pull/5065
+- https://security.netapp.com/advisory/ntap-20210312-0006/
+- https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896
+- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894
+- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892
+- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
+- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893
+- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
+- https://www.oracle.com//security-alerts/cpujul2021.html
+- https://www.oracle.com/security-alerts/cpujan2022.html
+- https://www.oracle.com/security-alerts/cpujul2022.html
+- https://www.oracle.com/security-alerts/cpuoct2021.html

+ + + + + + + +
+
+
+
+ Finding 1239: GHSA-cqmj-92xf-r6r9 in socket.io-parser:4.0.5 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.16% + / + 37.82% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
socket.io-parser4.0.5
+ + + + + + + +
File Path
/juice-shop/node_modules/socket.io-parser/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Insufficient validation when decoding a Socket.IO packet
+Related Vulnerability Description: socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.
+Matcher: javascript-matcher
+Package URL: pkg:npm/socket.io-parser@4.0.5

+ + +
Mitigation
+

Upgrade to version: 4.2.3

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-cqmj-92xf-r6r9
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2023-32695
+Related Vulnerability URLs:
+- https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced
+- https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3
+- https://github.com/socketio/socket.io-parser/releases/tag/4.2.3
+- https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9
+- https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced
+- https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3
+- https://github.com/socketio/socket.io-parser/releases/tag/4.2.3
+- https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9

+ + + + + + + +
+
+
+
+ Finding 1240: GHSA-x5rq-j2xg-h7qm in lodash:2.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.20% + / + 41.91% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
lodash2.4.2
+ + + + + + + +
File Path
/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Regular Expression Denial of Service (ReDoS) in lodash
+Related Vulnerability Description: lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
+Matcher: javascript-matcher
+Package URL: pkg:npm/lodash@2.4.2

+ + +
Mitigation
+

Upgrade to version: 4.17.11

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2019-1010266
+Related Vulnerability URLs:
+- https://github.com/lodash/lodash/issues/3359
+- https://github.com/lodash/lodash/wiki/Changelog
+- https://security.netapp.com/advisory/ntap-20190919-0004/
+- https://snyk.io/vuln/SNYK-JS-LODASH-73639
+- https://github.com/lodash/lodash/issues/3359
+- https://github.com/lodash/lodash/wiki/Changelog
+- https://security.netapp.com/advisory/ntap-20190919-0004/
+- https://snyk.io/vuln/SNYK-JS-LODASH-73639

+ + + + + + + +
+
+
+
+ Finding 1243: GHSA-952p-6rrq-rcjv in micromatch:3.1.10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.13% + / + 32.79% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
micromatch3.1.10
+ + + + + + + +
File Path
/juice-shop/node_modules/micromatch/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Regular Expression Denial of Service (ReDoS) in micromatch
+Related Vulnerability Description: The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in micromatch.braces() in index.js because the pattern .* will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.
+Matcher: javascript-matcher
+Package URL: pkg:npm/micromatch@3.1.10

+ + +
Mitigation
+

Upgrade to version: 4.0.8

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-952p-6rrq-rcjv
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2024-4067
+Related Vulnerability URLs:
+- https://advisory.checkmarx.net/advisory/CVE-2024-4067/
+- https://devhub.checkmarx.com/cve-details/CVE-2024-4067/
+- https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade
+- https://github.com/micromatch/micromatch/pull/266
+- https://github.com/micromatch/micromatch/releases/tag/4.0.8
+- https://devhub.checkmarx.com/cve-details/CVE-2024-4067/
+- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448
+- https://github.com/micromatch/micromatch/issues/243
+- https://github.com/micromatch/micromatch/pull/247

+ + + + + + + +
+
+
+
+ Finding 1244: GHSA-25hc-qcg6-38wj in socket.io:3.1.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.10% + / + 28.41% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
socket.io3.1.2
+ + + + + + + +
File Path
/juice-shop/node_modules/socket.io/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: socket.io has an unhandled 'error' event
+Related Vulnerability Description: Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit 15af22fc22 which has been included in socket.io@4.6.2 (released in May 2023). The fix was backported in the 2.x branch as well with commit d30630ba10. Users are advised to upgrade. Users unable to upgrade may attach a listener for the "error" event to catch these errors.
+Matcher: javascript-matcher
+Package URL: pkg:npm/socket.io@3.1.2

+ + +
Mitigation
+

Upgrade to version: 4.6.2

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-25hc-qcg6-38wj
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2024-38355
+Related Vulnerability URLs:
+- https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115
+- https://github.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c
+- https://github.com/socketio/socket.io/security/advisories/GHSA-25hc-qcg6-38wj
+- https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115
+- https://github.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c
+- https://github.com/socketio/socket.io/security/advisories/GHSA-25hc-qcg6-38wj
+- https://www.vicarius.io/vsociety/posts/unhandled-exception-in-socketio-cve-2024-38355

+ + + + + + + +
+
+
+
+ Finding 1274: GHSA-rvg8-pwq2-xj7q in base64url:0.0.6 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + N.A. + / + N.A. + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
base64url0.0.6
+ + + + + + + +
File Path
/juice-shop/node_modules/base64url/package.json
+
+
+
+ + + + + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: Out-of-bounds Read in base64url
+Matcher: javascript-matcher
+Package URL: pkg:npm/base64url@0.0.6

+ + +
Mitigation
+

Upgrade to version: 3.0.0

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-rvg8-pwq2-xj7q

+ + + + + + + +
+
+
+
+ Finding 1253: GHSA-hjrf-2m68-5959 in jsonwebtoken:0.1.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.05% + / + 14.92% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jsonwebtoken0.1.0
+ + + + + + + +
File Path
/juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
+Related Vulnerability Description: jsonwebtoken is an implementation of JSON Web Tokens. Versions <= 8.5.1 of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function referring to the secretOrPublicKey argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0.
+Matcher: javascript-matcher
+Package URL: pkg:npm/jsonwebtoken@0.1.0

+ + +
Mitigation
+

Upgrade to version: 9.0.0

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-hjrf-2m68-5959
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2022-23541
+Related Vulnerability URLs:
+- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
+- https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0
+- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959
+- https://security.netapp.com/advisory/ntap-20240621-0007/
+- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
+- https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0
+- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959
+- https://security.netapp.com/advisory/ntap-20240621-0007/

+ + + + + + + +
+
+
+
+ Finding 1254: GHSA-hjrf-2m68-5959 in jsonwebtoken:0.4.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.05% + / + 14.92% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jsonwebtoken0.4.0
+ + + + + + + +
File Path
/juice-shop/node_modules/jsonwebtoken/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
+Related Vulnerability Description: jsonwebtoken is an implementation of JSON Web Tokens. Versions <= 8.5.1 of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function referring to the secretOrPublicKey argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0.
+Matcher: javascript-matcher
+Package URL: pkg:npm/jsonwebtoken@0.4.0

+ + +
Mitigation
+

Upgrade to version: 9.0.0

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-hjrf-2m68-5959
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2022-23541
+Related Vulnerability URLs:
+- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
+- https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0
+- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959
+- https://security.netapp.com/advisory/ntap-20240621-0007/
+- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
+- https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0
+- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959
+- https://security.netapp.com/advisory/ntap-20240621-0007/

+ + + + + + + +
+
+
+
+ Finding 1259: GHSA-qhxp-v273-g94h in sanitize-html:1.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.03% + / + 7.37% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
sanitize-html1.4.2
+ + + + + + + +
File Path
/juice-shop/node_modules/sanitize-html/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: sanitize-html is vulnerable to XSS through incomprehensive sanitization
+Related Vulnerability Description: sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The sanitizeHtml() function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed into executable code.
+Matcher: javascript-matcher
+Package URL: pkg:npm/sanitize-html@1.4.2

+ + +
Mitigation
+

Upgrade to version: 2.0.0-beta

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-qhxp-v273-g94h
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2019-25225
+Related Vulnerability URLs:
+- https://github.com/Checkmarx/Vulnerabilities-Proofs-of-Concept/tree/main/2019/CVE-2019-25225
+- https://github.com/apostrophecms/sanitize-html/commit/712cb6895825c8bb6ede71a16b42bade42abcaf3
+- https://github.com/apostrophecms/sanitize-html/issues/293
+- https://github.com/apostrophecms/sanitize-html/pull/156

+ + + + + + + +
+
+
+
+ Finding 1262: GHSA-qwph-4952-7xr6 in jsonwebtoken:0.1.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.02% + / + 2.55% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jsonwebtoken0.1.0
+ + + + + + + +
File Path
/juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
+Related Vulnerability Description: In versions <=8.5.1 of jsonwebtoken library, lack of algorithm definition in the jwt.verify() function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification. Users are affected if you do not specify algorithms in the jwt.verify() function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the jwt.verify() method. There will be no impact, if you update to version 9.0.0 and you don’t need to allow for the none algorithm. If you need 'none' algorithm, you have to explicitly specify that in jwt.verify() options.
+Matcher: javascript-matcher
+Package URL: pkg:npm/jsonwebtoken@0.1.0

+ + +
Mitigation
+

Upgrade to version: 9.0.0

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-qwph-4952-7xr6
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2022-23540
+Related Vulnerability URLs:
+- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
+- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6
+- https://security.netapp.com/advisory/ntap-20240621-0007/
+- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
+- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6
+- https://security.netapp.com/advisory/ntap-20240621-0007/

+ + + + + + + +
+
+
+
+ Finding 1263: GHSA-qwph-4952-7xr6 in jsonwebtoken:0.4.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.02% + / + 2.55% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
jsonwebtoken0.4.0
+ + + + + + + +
File Path
/juice-shop/node_modules/jsonwebtoken/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

+ + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
+Related Vulnerability Description: In versions <=8.5.1 of jsonwebtoken library, lack of algorithm definition in the jwt.verify() function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification. Users are affected if you do not specify algorithms in the jwt.verify() function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the jwt.verify() method. There will be no impact, if you update to version 9.0.0 and you don’t need to allow for the none algorithm. If you need 'none' algorithm, you have to explicitly specify that in jwt.verify() options.
+Matcher: javascript-matcher
+Package URL: pkg:npm/jsonwebtoken@0.4.0

+ + +
Mitigation
+

Upgrade to version: 9.0.0

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-qwph-4952-7xr6
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2022-23540
+Related Vulnerability URLs:
+- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
+- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6
+- https://security.netapp.com/advisory/ntap-20240621-0007/
+- https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
+- https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6
+- https://security.netapp.com/advisory/ntap-20240621-0007/

+ + + + + + + +
+
+
+
+ Finding 1266: CVE-2025-8058 in libc6:2.36-9+deb12u10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Medium + + + + 0.01% + / + 0.51% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libc62.36-9+deb12u10
+ + + + + + + +
File Path
/var/lib/dpkg/status.d/libc6
+
+
+
+ + + + + +
Description
+

Vulnerability Namespace: debian:distro:debian:12
+Vulnerability Description: The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.
+Related Vulnerability Description: The regcomp function in the GNU C library version from 2.4 to 2.41 is
+subject to a double free if some previous allocation fails. It can be
+accomplished either by a malloc failure or by using an interposed malloc
+ that injects random malloc failures. The double free can allow buffer
+manipulation depending of how the regex is constructed. This issue
+affects all architectures and ABIs supported by the GNU C library.
+Matcher: dpkg-matcher
+Package URL: pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc

+ + +
Mitigation
+

Upgrade to version: 2.36-9+deb12u13

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://security-tracker.debian.org/tracker/CVE-2025-8058
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2025-8058
+Related Vulnerability URLs:
+- https://sourceware.org/bugzilla/show_bug.cgi?id=33185
+- https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f

+ + + + + + + +

Low

+ +
+
+
+
+ Finding 1135: CVE-2024-47764 Cookie 0.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Low + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 74 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
cookie0.4.2
+ + + + + + + +
File Path
juice-shop/node_modules/engine.io/node_modules/cookie/package.json
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

+ + +
Description
+

cookie: cookie accepts cookie name, path, and domain with out of bounds characters
+Target: Node.js
+Type: node-pkg
+Fixed version: 0.7.0

+

cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to 0.7.0, which updates the validation for name, path, and domain.

+ + +
Mitigation
+

0.7.0

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://access.redhat.com/security/cve/CVE-2024-47764
+https://github.com/jshttp/cookie
+https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c
+https://github.com/jshttp/cookie/pull/167
+https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x
+https://nvd.nist.gov/vuln/detail/CVE-2024-47764
+https://www.cve.org/CVERecord?id=CVE-2024-47764

+ + + + + + + +
+
+
+
+ Finding 1192: DNS Rebinding Attack + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Low + + + + N.A. + / + N.A. + ActiveSept. 29, 202535 daysAdmin User (admin)
+
+
+ + + + + + + + + + +
+
+
+
+
Vulnerable Endpoints / Systems (1)
+
+ + + + + + + + + + + + + + + + + +
EndpointStatusDate DiscoveredLast Modified
localhostActiveSept. 29, 2025Nov. 3, 2025
+
+
+
+ + + + + + + + + + + + +
Description
+

Detects DNS Rebinding attacks by checking if the DNS response contains a private IPv4 or IPv6 address.

+

Results:
+127.0.0.1

+ + + + +
Sample Request(s): Displaying 1 of 1
+ +
Request 1
+
;; opcode: QUERY, status: NOERROR, id: 1202
+;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
+
+;; OPT PSEUDOSECTION:
+; EDNS: version 0; flags:; udp: 4096
+
+;; QUESTION SECTION:
+;localhost.	IN	 A
+
+ +
Response 1
+
;; opcode: QUERY, status: NOERROR, id: 1202
+;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
+;; OPT PSEUDOSECTION:
+; EDNS: version 0; flags:; udp: 4096
+;; QUESTION SECTION:
+;localhost.	IN	 A
+;; ANSWER SECTION:
+localhost.	10800	IN	A	127.0.0.1
+
+ + + + + + + + + + + +
References
+

https://capec.mitre.org/data/definitions/275.html
+https://payatu.com/blog/dns-rebinding/
+https://heimdalsecurity.com/blog/dns-rebinding/

+ + + + + + + +
+
+
+
+ Finding 1130: CVE-2025-27587 Libssl3 3.0.17-1~deb12u2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Low + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin) + + 385 + +
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libssl33.0.17-1~deb12u2
+ + + + + + + +
File Path
bkimminich/juice-shop:v19.0.0 (debian 12.11)
+
+
+
+ + + + + +
Description
+

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable ...
+Target: bkimminich/juice-shop:v19.0.0 (debian 12.11)
+Type: debian
+Fixed version:

+

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.

+ + + + + + +
Impact
+

affected

+ + + + + + + +
References
+

https://github.com/openssl/openssl/issues/24253
+https://minerva.crocs.fi.muni.cz
+https://www.cve.org/CVERecord?id=CVE-2025-27587

+ + + + + + + +
+
+
+
+ Finding 1161: CVE-2025-57349 Messageformat 2.3.0 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Low + + + + N.A. + / + N.A. + Active, VerifiedNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
messageformat2.3.0
+ + + + + + + +
File Path
juice-shop/node_modules/messageformat/package.json
+
+
+
+ + + + + +
Description
+

messageformat has a prototype pollution vulnerability
+Target: Node.js
+Type: node-pkg
+Fixed version: 3.0.0-beta.0

+

The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special characters (e.g., proto ), which can lead to unintended modification of the JavaScript Object prototype. This vulnerability may allow a remote attacker to inject properties into the global object prototype via specially crafted message input, potentially causing denial of service or other undefined behaviors in applications using the affected component.

+ + +
Mitigation
+

3.0.0-beta.0

+ + + + + +
Impact
+

fixed

+ + + + + + + +
References
+

https://github.com/messageformat/messageformat
+https://github.com/messageformat/messageformat/issues/452
+https://nvd.nist.gov/vuln/detail/CVE-2025-57349

+ + + + + + + +
+
+
+
+ Finding 1255: GHSA-pxg6-pf52-xh8x in cookie:0.4.2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Low + + + + 0.07% + / + 21.73% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
cookie0.4.2
+ + + + + + + +
File Path
/juice-shop/node_modules/engine.io/node_modules/cookie/package.json
+
+
+
+ + + + + +
Description
+

Vulnerability Namespace: github:language:javascript
+Vulnerability Description: cookie accepts cookie name, path, and domain with out of bounds characters
+Related Vulnerability Description: cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to 0.7.0, which updates the validation for name, path, and domain.
+Matcher: javascript-matcher
+Package URL: pkg:npm/cookie@0.4.2

+ + +
Mitigation
+

Upgrade to version: 0.7.0

+ + + + + + + + + + + +
References
+

Vulnerability Datasource: https://github.com/advisories/GHSA-pxg6-pf52-xh8x
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2024-47764
+Related Vulnerability URLs:
+- https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c
+- https://github.com/jshttp/cookie/pull/167
+- https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x

+ + + + + + + +

Info

+ +
+
+
+
+ Finding 1195: robots.txt Endpoint Prober + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + N.A. + / + N.A. + ActiveSept. 29, 202535 daysAdmin User (admin)
+
+
+ + + + + + + + + + +
+
+
+
+
Vulnerable Endpoints / Systems (1)
+
+ + + + + + + + + + + + + + + + + +
EndpointStatusDate DiscoveredLast Modified
http://localhost:3000/robots.txtActiveSept. 29, 2025Nov. 3, 2025
+
+
+
+ + + + + + + + + + + + +
Description
+

Results:
+/ftp

+ + + + +
Sample Request(s): Displaying 1 of 1
+ +
Request 1
+
GET /robots.txt HTTP/1.1
+Host: localhost:3000
+User-Agent: Mozilla/5.0 (Knoppix; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
+Connection: close
+Accept: */*
+Accept-Language: en
+Accept-Encoding: gzip
+
+
+ +
Response 1
+
HTTP/1.1 200 OK
+Connection: close
+Content-Length: 28
+Access-Control-Allow-Origin: *
+Content-Type: text/plain; charset=utf-8
+Date: Mon, 29 Sep 2025 15:21:33 GMT
+Etag: W/&quot;1c-8HgF6mNyhsSFK0pascC9uB0wjX0&quot;
+Feature-Policy: payment &#x27;self&#x27;
+Vary: Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Recruiting: /#/jobs
+User-agent: *
+Disallow: /ftp
+ + + + + + + +
Steps to Reproduce
+

curl command to reproduce the request:
+curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Knoppix; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36' 'http://localhost:3000/robots.txt'

+ + + + + + + + + + + +
+
+
+
+ Finding 1269: CVE-2022-27943 in libgcc-s1:12.2.0-14+deb12u1 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + 0.05% + / + 15.84% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libgcc-s112.2.0-14+deb12u1
+ + + + + + + +
File Path
/var/lib/dpkg/status.d/libgcc-s1
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

+ + +
Description
+

Vulnerability Namespace: debian:distro:debian:12
+Vulnerability Description: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
+Matcher: dpkg-matcher
+Package URL: pkg:deb/debian/libgcc-s1@12.2.0-14%2Bdeb12u1?arch=arm64&distro=debian-12&upstream=gcc-12

+ + + + + + + + + + + + +
References
+

Vulnerability Datasource: https://security-tracker.debian.org/tracker/CVE-2022-27943
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2022-27943
+Related Vulnerability URLs:
+- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039
+- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/
+- https://sourceware.org/bugzilla/show_bug.cgi?id=28995
+- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039
+- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/
+- https://sourceware.org/bugzilla/show_bug.cgi?id=28995

+ + + + + + + +
+
+
+
+ Finding 1207: OWASP Juice Shop + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + N.A. + / + N.A. + ActiveSept. 29, 202535 daysAdmin User (admin)
+
+
+ + + + + + + + + + +
+
+
+
+
Vulnerable Endpoints / Systems (1)
+
+ + + + + + + + + + + + + + + + + +
EndpointStatusDate DiscoveredLast Modified
http://localhost:3000ActiveSept. 29, 2025Nov. 3, 2025
+
+
+
+ + + + + + + + + + + + +
Description
+
None
+ + + + +
Sample Request(s): Displaying 1 of 1
+ +
Request 1
+
GET / HTTP/1.1
+Host: localhost:3000
+User-Agent: Mozilla/5.0 (Macintosh, Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15
+Connection: close
+Accept: */*
+Accept-Language: en
+Accept-Encoding: gzip
+
+
+ +
Response 1
+
HTTP/1.1 200 OK
+Connection: close
+Transfer-Encoding: chunked
+Accept-Ranges: bytes
+Access-Control-Allow-Origin: *
+Cache-Control: public, max-age=0
+Content-Type: text/html; charset=UTF-8
+Date: Mon, 29 Sep 2025 15:21:38 GMT
+Etag: W/&quot;124fa-19995cb3457&quot;
+Feature-Policy: payment &#x27;self&#x27;
+Last-Modified: Mon, 29 Sep 2025 14:05:46 GMT
+Vary: Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Recruiting: /#/jobs
+
+
+<html lang="en" data-beasties-container>
+<head>
+  <meta charset="utf-8">
+  <title>OWASP Juice Shop</title>
+  <meta name="description" content="Probably the most modern and sophisticated insecure web application">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
+  <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
+  <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+  <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+  <script>
+    window.addEventListener(&quot;load&quot;, function(){
+      window.cookieconsent.initialise({
+        &quot;palette&quot;: {
+          &quot;popup&quot;: { &quot;background&quot;: &quot;var(--theme-primary)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; },
+          &quot;button&quot;: { &quot;background&quot;: &quot;var(--theme-accent)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; }
+        },
+        &quot;…</script></head></html>
+ + + + + + + +
Steps to Reproduce
+

curl command to reproduce the request:
+curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Macintosh, Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15' 'http://localhost:3000'

+ + + + + + + + + + + +
+
+
+
+ Finding 1203: HTTP Missing Security Headers + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + N.A. + / + N.A. + ActiveSept. 29, 202535 daysAdmin User (admin)
+
+
+ + + + + + + + + + +
+
+
+
+
Vulnerable Endpoints / Systems (1)
+
+ + + + + + + + + + + + + + + + + +
EndpointStatusDate DiscoveredLast Modified
http://localhost:3000ActiveSept. 29, 2025Nov. 3, 2025
+
+
+
+ + + + + + + + + + + + +
Description
+

This template searches for missing HTTP security headers. The impact of these missing headers can vary.

+ + + + +
Sample Request(s): Displaying 1 of 1
+ +
Request 1
+
GET / HTTP/1.1
+Host: localhost:3000
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3
+Connection: close
+Accept: */*
+Accept-Language: en
+Accept-Encoding: gzip
+
+
+ +
Response 1
+
HTTP/1.1 200 OK
+Connection: close
+Transfer-Encoding: chunked
+Accept-Ranges: bytes
+Access-Control-Allow-Origin: *
+Cache-Control: public, max-age=0
+Content-Type: text/html; charset=UTF-8
+Date: Mon, 29 Sep 2025 15:21:37 GMT
+Etag: W/&quot;124fa-19995cb3457&quot;
+Feature-Policy: payment &#x27;self&#x27;
+Last-Modified: Mon, 29 Sep 2025 14:05:46 GMT
+Vary: Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Recruiting: /#/jobs
+
+
+<html lang="en" data-beasties-container>
+<head>
+  <meta charset="utf-8">
+  <title>OWASP Juice Shop</title>
+  <meta name="description" content="Probably the most modern and sophisticated insecure web application">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
+  <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
+  <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+  <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+  <script>
+    window.addEventListener(&quot;load&quot;, function(){
+      window.cookieconsent.initialise({
+        &quot;palette&quot;: {
+          &quot;popup&quot;: { &quot;background&quot;: &quot;var(--theme-primary)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; },
+          &quot;button&quot;: { &quot;background&quot;: &quot;var(--theme-accent)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; }
+        },
+        &quot;…</script></head></html>
+ + + + + + + +
Steps to Reproduce
+

curl command to reproduce the request:
+curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3' 'http://localhost:3000'

+ + + + + + + + + + + +
+
+
+
+ Finding 1202: HTTP Missing Security Headers + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + N.A. + / + N.A. + ActiveSept. 29, 202535 daysAdmin User (admin)
+
+
+ + + + + + + + + + +
+
+
+
+
Vulnerable Endpoints / Systems (1)
+
+ + + + + + + + + + + + + + + + + +
EndpointStatusDate DiscoveredLast Modified
http://localhost:3000ActiveSept. 29, 2025Nov. 3, 2025
+
+
+
+ + + + + + + + + + + + +
Description
+

This template searches for missing HTTP security headers. The impact of these missing headers can vary.

+ + + + +
Sample Request(s): Displaying 1 of 1
+ +
Request 1
+
GET / HTTP/1.1
+Host: localhost:3000
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3
+Connection: close
+Accept: */*
+Accept-Language: en
+Accept-Encoding: gzip
+
+
+ +
Response 1
+
HTTP/1.1 200 OK
+Connection: close
+Transfer-Encoding: chunked
+Accept-Ranges: bytes
+Access-Control-Allow-Origin: *
+Cache-Control: public, max-age=0
+Content-Type: text/html; charset=UTF-8
+Date: Mon, 29 Sep 2025 15:21:37 GMT
+Etag: W/&quot;124fa-19995cb3457&quot;
+Feature-Policy: payment &#x27;self&#x27;
+Last-Modified: Mon, 29 Sep 2025 14:05:46 GMT
+Vary: Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Recruiting: /#/jobs
+
+
+<html lang="en" data-beasties-container>
+<head>
+  <meta charset="utf-8">
+  <title>OWASP Juice Shop</title>
+  <meta name="description" content="Probably the most modern and sophisticated insecure web application">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
+  <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
+  <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+  <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+  <script>
+    window.addEventListener(&quot;load&quot;, function(){
+      window.cookieconsent.initialise({
+        &quot;palette&quot;: {
+          &quot;popup&quot;: { &quot;background&quot;: &quot;var(--theme-primary)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; },
+          &quot;button&quot;: { &quot;background&quot;: &quot;var(--theme-accent)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; }
+        },
+        &quot;…</script></head></html>
+ + + + + + + +
Steps to Reproduce
+

curl command to reproduce the request:
+curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3' 'http://localhost:3000'

+ + + + + + + + + + + +
+
+
+
+ Finding 1206: Add DOM EventListener - Detection + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Info + + + + N.A. + / + N.A. + ActiveSept. 29, 202535 daysAdmin User (admin) + + 79 + +
+
+
+ + + + + + + + + + +
+
+
+
+
Vulnerable Endpoints / Systems (1)
+
+ + + + + + + + + + + + + + + + + +
EndpointStatusDate DiscoveredLast Modified
http://localhost:3000ActiveSept. 29, 2025Nov. 3, 2025
+
+
+
+ + + + + + + + + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

+ + +
Description
+

Identifies the use of JavaScript addEventListener calls in the DOM.

+ + + + +
Sample Request(s): Displaying 1 of 1
+ +
Request 1
+
GET / HTTP/1.1
+Host: localhost:3000
+User-Agent: Mozilla/5.0 (Macintosh, Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15
+Connection: close
+Accept: */*
+Accept-Language: en
+Accept-Encoding: gzip
+
+
+ +
Response 1
+
HTTP/1.1 200 OK
+Connection: close
+Transfer-Encoding: chunked
+Accept-Ranges: bytes
+Access-Control-Allow-Origin: *
+Cache-Control: public, max-age=0
+Content-Type: text/html; charset=UTF-8
+Date: Mon, 29 Sep 2025 15:21:38 GMT
+Etag: W/&quot;124fa-19995cb3457&quot;
+Feature-Policy: payment &#x27;self&#x27;
+Last-Modified: Mon, 29 Sep 2025 14:05:46 GMT
+Vary: Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Recruiting: /#/jobs
+
+
+<html lang="en" data-beasties-container>
+<head>
+  <meta charset="utf-8">
+  <title>OWASP Juice Shop</title>
+  <meta name="description" content="Probably the most modern and sophisticated insecure web application">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
+  <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
+  <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+  <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+  <script>
+    window.addEventListener(&quot;load&quot;, function(){
+      window.cookieconsent.initialise({
+        &quot;palette&quot;: {
+          &quot;popup&quot;: { &quot;background&quot;: &quot;var(--theme-primary)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; },
+          &quot;button&quot;: { &quot;background&quot;: &quot;var(--theme-accent)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; }
+        },
+        &quot;…</script></head></html>
+ + + + + + + +
Steps to Reproduce
+

curl command to reproduce the request:
+curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Macintosh, Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15' 'http://localhost:3000'

+ + + + + +
References
+

https://portswigger.net/web-security/dom-based/controlling-the-web-message-source

+ + + + + + + +
+
+
+
+ Finding 1205: robots.txt File + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + N.A. + / + N.A. + ActiveSept. 29, 202535 daysAdmin User (admin)
+
+
+ + + + + + + + + + +
+
+
+
+
Vulnerable Endpoints / Systems (1)
+
+ + + + + + + + + + + + + + + + + +
EndpointStatusDate DiscoveredLast Modified
http://localhost:3000/robots.txtActiveSept. 29, 2025Nov. 3, 2025
+
+
+
+ + + + + + + + + + + + +
Description
+
None
+ + + + +
Sample Request(s): Displaying 1 of 1
+ +
Request 1
+
GET /robots.txt HTTP/1.1
+Host: localhost:3000
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Mobile/15E148 Safari/604.1
+Connection: close
+Accept: */*
+Accept-Language: en
+Accept-Encoding: gzip
+
+
+ +
Response 1
+
HTTP/1.1 200 OK
+Connection: close
+Content-Length: 28
+Access-Control-Allow-Origin: *
+Content-Type: text/plain; charset=utf-8
+Date: Mon, 29 Sep 2025 15:21:38 GMT
+Etag: W/&quot;1c-8HgF6mNyhsSFK0pascC9uB0wjX0&quot;
+Feature-Policy: payment &#x27;self&#x27;
+Vary: Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Recruiting: /#/jobs
+User-agent: *
+Disallow: /ftp
+ + + + + + + +
Steps to Reproduce
+

curl command to reproduce the request:
+curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Mobile/15E148 Safari/604.1' 'http://localhost:3000/robots.txt'

+ + + + + + + + + + + +
+
+
+
+ Finding 1250: CVE-2019-1010023 in libc6:2.36-9+deb12u10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + 0.72% + / + 71.74% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libc62.36-9+deb12u10
+ + + + + + + +
File Path
/var/lib/dpkg/status.d/libc6
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

+ + +
Description
+

Vulnerability Namespace: debian:distro:debian:12
+Vulnerability Description: GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
+Matcher: dpkg-matcher
+Package URL: pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc

+ + + + + + + + + + + + +
References
+

Vulnerability Datasource: https://security-tracker.debian.org/tracker/CVE-2019-1010023
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2019-1010023
+Related Vulnerability URLs:
+- http://www.securityfocus.com/bid/109167
+- https://sourceware.org/bugzilla/show_bug.cgi?id=22851
+- https://support.f5.com/csp/article/K11932200?utm_source=f5support&amp%3Butm_medium=RSS
+- https://ubuntu.com/security/CVE-2019-1010023
+- http://www.securityfocus.com/bid/109167
+- https://sourceware.org/bugzilla/show_bug.cgi?id=22851
+- https://support.f5.com/csp/article/K11932200?utm_source=f5support&amp%3Butm_medium=RSS
+- https://ubuntu.com/security/CVE-2019-1010023

+ + + + + + + +
+
+
+
+ Finding 1209: X-Recruiting Header + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + N.A. + / + N.A. + ActiveSept. 29, 202535 daysAdmin User (admin)
+
+
+ + + + + + + + + + +
+
+
+
+
Vulnerable Endpoints / Systems (1)
+
+ + + + + + + + + + + + + + + + + +
EndpointStatusDate DiscoveredLast Modified
http://localhost:3000ActiveSept. 29, 2025Nov. 3, 2025
+
+
+
+ + + + + + + + + + + + +
Description
+

Websites that advertise jobs via HTTP headers
+Results:
+/#/jobs

+ + + + +
Sample Request(s): Displaying 1 of 1
+ +
Request 1
+
GET / HTTP/1.1
+Host: localhost:3000
+User-Agent: Mozilla/5.0 (SS; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0
+Connection: close
+Accept: */*
+Accept-Language: en
+Accept-Encoding: gzip
+
+
+ +
Response 1
+
HTTP/1.1 200 OK
+Connection: close
+Transfer-Encoding: chunked
+Accept-Ranges: bytes
+Access-Control-Allow-Origin: *
+Cache-Control: public, max-age=0
+Content-Type: text/html; charset=UTF-8
+Date: Mon, 29 Sep 2025 15:21:42 GMT
+Etag: W/&quot;124fa-19995cb3457&quot;
+Feature-Policy: payment &#x27;self&#x27;
+Last-Modified: Mon, 29 Sep 2025 14:05:46 GMT
+Vary: Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Recruiting: /#/jobs
+
+
+<html lang="en" data-beasties-container>
+<head>
+  <meta charset="utf-8">
+  <title>OWASP Juice Shop</title>
+  <meta name="description" content="Probably the most modern and sophisticated insecure web application">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
+  <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
+  <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+  <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+  <script>
+    window.addEventListener(&quot;load&quot;, function(){
+      window.cookieconsent.initialise({
+        &quot;palette&quot;: {
+          &quot;popup&quot;: { &quot;background&quot;: &quot;var(--theme-primary)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; },
+          &quot;button&quot;: { &quot;background&quot;: &quot;var(--theme-accent)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; }
+        },
+        &quot;…</script></head></html>
+ + + + + + + +
Steps to Reproduce
+

curl command to reproduce the request:
+curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (SS; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0' 'http://localhost:3000'

+ + + + + +
References
+

https://webtechsurvey.com/response-header/x-recruiting

+ + + + + + + +
+
+
+
+ Finding 1204: HTTP Missing Security Headers + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + N.A. + / + N.A. + ActiveSept. 29, 202535 daysAdmin User (admin)
+
+
+ + + + + + + + + + +
+
+
+
+
Vulnerable Endpoints / Systems (1)
+
+ + + + + + + + + + + + + + + + + +
EndpointStatusDate DiscoveredLast Modified
http://localhost:3000ActiveSept. 29, 2025Nov. 3, 2025
+
+
+
+ + + + + + + + + + + + +
Description
+

This template searches for missing HTTP security headers. The impact of these missing headers can vary.

+ + + + +
Sample Request(s): Displaying 1 of 1
+ +
Request 1
+
GET / HTTP/1.1
+Host: localhost:3000
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3
+Connection: close
+Accept: */*
+Accept-Language: en
+Accept-Encoding: gzip
+
+
+ +
Response 1
+
HTTP/1.1 200 OK
+Connection: close
+Transfer-Encoding: chunked
+Accept-Ranges: bytes
+Access-Control-Allow-Origin: *
+Cache-Control: public, max-age=0
+Content-Type: text/html; charset=UTF-8
+Date: Mon, 29 Sep 2025 15:21:37 GMT
+Etag: W/&quot;124fa-19995cb3457&quot;
+Feature-Policy: payment &#x27;self&#x27;
+Last-Modified: Mon, 29 Sep 2025 14:05:46 GMT
+Vary: Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Recruiting: /#/jobs
+
+
+<html lang="en" data-beasties-container>
+<head>
+  <meta charset="utf-8">
+  <title>OWASP Juice Shop</title>
+  <meta name="description" content="Probably the most modern and sophisticated insecure web application">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
+  <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
+  <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+  <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+  <script>
+    window.addEventListener(&quot;load&quot;, function(){
+      window.cookieconsent.initialise({
+        &quot;palette&quot;: {
+          &quot;popup&quot;: { &quot;background&quot;: &quot;var(--theme-primary)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; },
+          &quot;button&quot;: { &quot;background&quot;: &quot;var(--theme-accent)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; }
+        },
+        &quot;…</script></head></html>
+ + + + + + + +
Steps to Reproduce
+

curl command to reproduce the request:
+curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3' 'http://localhost:3000'

+ + + + + + + + + + + +
+
+
+
+ Finding 1208: security.txt File + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + N.A. + / + N.A. + ActiveSept. 29, 202535 daysAdmin User (admin)
+
+
+ + + + + + + + + + +
+
+
+
+
Vulnerable Endpoints / Systems (1)
+
+ + + + + + + + + + + + + + + + + +
EndpointStatusDate DiscoveredLast Modified
http://localhost:3000/.well-known/security.txtActiveSept. 29, 2025Nov. 3, 2025
+
+
+
+ + + + + + + + + + + + +
Description
+

File similar to robots.txt but intended to be read by humans wishing to contact a website’s owner about security issues. Often defines a security policy and contact details.

+

Results:
+ mailto:donotreply@owasp-juice.shop

+ + + + +
Sample Request(s): Displaying 1 of 1
+ +
Request 1
+
GET /.well-known/security.txt HTTP/1.1
+Host: localhost:3000
+User-Agent: Mozilla/5.0 (Windows NT 11.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/112.0 Safari/537.36
+Connection: close
+Accept: */*
+Accept-Language: en
+Accept-Encoding: gzip
+
+
+ +
Response 1
+
HTTP/1.1 200 OK
+Connection: close
+Content-Length: 475
+Access-Control-Allow-Origin: *
+Content-Type: text/plain; charset=utf-8
+Date: Mon, 29 Sep 2025 15:21:42 GMT
+Etag: W/&quot;1db-m6wdxkp5B5Fswl9G9jg6cVHAu64&quot;
+Feature-Policy: payment &#x27;self&#x27;
+Vary: Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Recruiting: /#/jobs
+Contact: mailto:donotreply@owasp-juice.shop
+Encryption: https://keybase.io/bkimminich/pgp_keys.asc?fingerprint=19c01cb7157e4645e9e2c863062a85a8cbfbdcda
+Acknowledgements: /#/score-board
+Preferred-languages: en, ar, az, bg, bn, ca, cs, da, de, ga, el, es, et, fi, fr, ka, he, hi, hu, id, it, ja, ko, lv, my, nl, no, pl, pt, ro, ru, si, sv, th, tr, uk, zh
+Hiring: /#/jobs
+Csaf: http://localhost:3000/.well-known/csaf/provider-metadata.json
+Expires: Tue…
+ + + + + + + +
Steps to Reproduce
+

curl command to reproduce the request:
+curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 11.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/112.0 Safari/537.36' 'http://localhost:3000/.well-known/security.txt'

+ + + + + +
References
+

https://securitytxt.org/
+https://community.turgensec.com/security-txt-progress-in-ethical-security-research/

+ + + + + + + +
+
+
+
+ Finding 1201: HTTP Missing Security Headers + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + N.A. + / + N.A. + ActiveSept. 29, 202535 daysAdmin User (admin)
+
+
+ + + + + + + + + + +
+
+
+
+
Vulnerable Endpoints / Systems (1)
+
+ + + + + + + + + + + + + + + + + +
EndpointStatusDate DiscoveredLast Modified
http://localhost:3000ActiveSept. 29, 2025Nov. 3, 2025
+
+
+
+ + + + + + + + + + + + +
Description
+

This template searches for missing HTTP security headers. The impact of these missing headers can vary.

+ + + + +
Sample Request(s): Displaying 1 of 1
+ +
Request 1
+
GET / HTTP/1.1
+Host: localhost:3000
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3
+Connection: close
+Accept: */*
+Accept-Language: en
+Accept-Encoding: gzip
+
+
+ +
Response 1
+
HTTP/1.1 200 OK
+Connection: close
+Transfer-Encoding: chunked
+Accept-Ranges: bytes
+Access-Control-Allow-Origin: *
+Cache-Control: public, max-age=0
+Content-Type: text/html; charset=UTF-8
+Date: Mon, 29 Sep 2025 15:21:37 GMT
+Etag: W/&quot;124fa-19995cb3457&quot;
+Feature-Policy: payment &#x27;self&#x27;
+Last-Modified: Mon, 29 Sep 2025 14:05:46 GMT
+Vary: Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Recruiting: /#/jobs
+
+
+<html lang="en" data-beasties-container>
+<head>
+  <meta charset="utf-8">
+  <title>OWASP Juice Shop</title>
+  <meta name="description" content="Probably the most modern and sophisticated insecure web application">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
+  <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
+  <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+  <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+  <script>
+    window.addEventListener(&quot;load&quot;, function(){
+      window.cookieconsent.initialise({
+        &quot;palette&quot;: {
+          &quot;popup&quot;: { &quot;background&quot;: &quot;var(--theme-primary)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; },
+          &quot;button&quot;: { &quot;background&quot;: &quot;var(--theme-accent)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; }
+        },
+        &quot;…</script></head></html>
+ + + + + + + +
Steps to Reproduce
+

curl command to reproduce the request:
+curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3' 'http://localhost:3000'

+ + + + + + + + + + + +
+
+
+
+ Finding 1258: CVE-2019-9192 in libc6:2.36-9+deb12u10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + 0.36% + / + 57.70% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libc62.36-9+deb12u10
+ + + + + + + +
File Path
/var/lib/dpkg/status.d/libc6
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

Vulnerability Namespace: debian:distro:debian:12
+Vulnerability Description: In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\1\1)' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern
+
Matcher: dpkg-matcher
+
Package URL:* pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc

+ + + + + + + + + + + + +
References
+

Vulnerability Datasource: https://security-tracker.debian.org/tracker/CVE-2019-9192
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2019-9192
+Related Vulnerability URLs:
+- https://sourceware.org/bugzilla/show_bug.cgi?id=24269
+- https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS
+- https://sourceware.org/bugzilla/show_bug.cgi?id=24269
+- https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS

+ + + + + + + +
+
+
+
+ Finding 1200: HTTP Missing Security Headers + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + N.A. + / + N.A. + ActiveSept. 29, 202535 daysAdmin User (admin)
+
+
+ + + + + + + + + + +
+
+
+
+
Vulnerable Endpoints / Systems (1)
+
+ + + + + + + + + + + + + + + + + +
EndpointStatusDate DiscoveredLast Modified
http://localhost:3000ActiveSept. 29, 2025Nov. 3, 2025
+
+
+
+ + + + + + + + + + + + +
Description
+

This template searches for missing HTTP security headers. The impact of these missing headers can vary.

+ + + + +
Sample Request(s): Displaying 1 of 1
+ +
Request 1
+
GET / HTTP/1.1
+Host: localhost:3000
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3
+Connection: close
+Accept: */*
+Accept-Language: en
+Accept-Encoding: gzip
+
+
+ +
Response 1
+
HTTP/1.1 200 OK
+Connection: close
+Transfer-Encoding: chunked
+Accept-Ranges: bytes
+Access-Control-Allow-Origin: *
+Cache-Control: public, max-age=0
+Content-Type: text/html; charset=UTF-8
+Date: Mon, 29 Sep 2025 15:21:37 GMT
+Etag: W/&quot;124fa-19995cb3457&quot;
+Feature-Policy: payment &#x27;self&#x27;
+Last-Modified: Mon, 29 Sep 2025 14:05:46 GMT
+Vary: Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Recruiting: /#/jobs
+
+
+<html lang="en" data-beasties-container>
+<head>
+  <meta charset="utf-8">
+  <title>OWASP Juice Shop</title>
+  <meta name="description" content="Probably the most modern and sophisticated insecure web application">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
+  <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
+  <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+  <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+  <script>
+    window.addEventListener(&quot;load&quot;, function(){
+      window.cookieconsent.initialise({
+        &quot;palette&quot;: {
+          &quot;popup&quot;: { &quot;background&quot;: &quot;var(--theme-primary)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; },
+          &quot;button&quot;: { &quot;background&quot;: &quot;var(--theme-accent)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; }
+        },
+        &quot;…</script></head></html>
+ + + + + + + +
Steps to Reproduce
+

curl command to reproduce the request:
+curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3' 'http://localhost:3000'

+ + + + + + + + + + + +
+
+
+
+ Finding 1267: CVE-2025-27587 in libssl3:3.0.17-1~deb12u2 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + 0.06% + / + 18.34% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libssl33.0.17-1~deb12u2
+ + + + + + + +
File Path
/var/lib/dpkg/status.d/libssl3
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

+ + +
Description
+

Vulnerability Namespace: debian:distro:debian:12
+Vulnerability Description: OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.
+Matcher: dpkg-matcher
+Package URL: pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=arm64&distro=debian-12&upstream=openssl

+ + + + + + + + + + + + +
References
+

Vulnerability Datasource: https://security-tracker.debian.org/tracker/CVE-2025-27587
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2025-27587
+Related Vulnerability URLs:
+- https://github.com/openssl/openssl/issues/24253
+- https://minerva.crocs.fi.muni.cz

+ + + + + + + +
+
+
+
+ Finding 1265: CVE-2019-1010022 in libc6:2.36-9+deb12u10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + 0.14% + / + 35.58% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libc62.36-9+deb12u10
+ + + + + + + +
File Path
/var/lib/dpkg/status.d/libc6
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+ + +
Description
+

Vulnerability Namespace: debian:distro:debian:12
+Vulnerability Description: GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
+Matcher: dpkg-matcher
+Package URL: pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc

+ + + + + + + + + + + + +
References
+

Vulnerability Datasource: https://security-tracker.debian.org/tracker/CVE-2019-1010022
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2019-1010022
+Related Vulnerability URLs:
+- https://sourceware.org/bugzilla/show_bug.cgi?id=22850
+- https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3
+- https://ubuntu.com/security/CVE-2019-1010022
+- https://sourceware.org/bugzilla/show_bug.cgi?id=22850
+- https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3
+- https://ubuntu.com/security/CVE-2019-1010022

+ + + + + + + +
+
+
+
+ Finding 1199: HTTP Missing Security Headers + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + N.A. + / + N.A. + ActiveSept. 29, 202535 daysAdmin User (admin)
+
+
+ + + + + + + + + + +
+
+
+
+
Vulnerable Endpoints / Systems (1)
+
+ + + + + + + + + + + + + + + + + +
EndpointStatusDate DiscoveredLast Modified
http://localhost:3000ActiveSept. 29, 2025Nov. 3, 2025
+
+
+
+ + + + + + + + + + + + +
Description
+

This template searches for missing HTTP security headers. The impact of these missing headers can vary.

+ + + + +
Sample Request(s): Displaying 1 of 1
+ +
Request 1
+
GET / HTTP/1.1
+Host: localhost:3000
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3
+Connection: close
+Accept: */*
+Accept-Language: en
+Accept-Encoding: gzip
+
+
+ +
Response 1
+
HTTP/1.1 200 OK
+Connection: close
+Transfer-Encoding: chunked
+Accept-Ranges: bytes
+Access-Control-Allow-Origin: *
+Cache-Control: public, max-age=0
+Content-Type: text/html; charset=UTF-8
+Date: Mon, 29 Sep 2025 15:21:37 GMT
+Etag: W/&quot;124fa-19995cb3457&quot;
+Feature-Policy: payment &#x27;self&#x27;
+Last-Modified: Mon, 29 Sep 2025 14:05:46 GMT
+Vary: Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Recruiting: /#/jobs
+
+
+<html lang="en" data-beasties-container>
+<head>
+  <meta charset="utf-8">
+  <title>OWASP Juice Shop</title>
+  <meta name="description" content="Probably the most modern and sophisticated insecure web application">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
+  <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
+  <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+  <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+  <script>
+    window.addEventListener(&quot;load&quot;, function(){
+      window.cookieconsent.initialise({
+        &quot;palette&quot;: {
+          &quot;popup&quot;: { &quot;background&quot;: &quot;var(--theme-primary)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; },
+          &quot;button&quot;: { &quot;background&quot;: &quot;var(--theme-accent)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; }
+        },
+        &quot;…</script></head></html>
+ + + + + + + +
Steps to Reproduce
+

curl command to reproduce the request:
+curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3' 'http://localhost:3000'

+ + + + + + + + + + + +
+
+
+
+ Finding 1198: HTTP Missing Security Headers + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + N.A. + / + N.A. + ActiveSept. 29, 202535 daysAdmin User (admin)
+
+
+ + + + + + + + + + +
+
+
+
+
Vulnerable Endpoints / Systems (1)
+
+ + + + + + + + + + + + + + + + + +
EndpointStatusDate DiscoveredLast Modified
http://localhost:3000ActiveSept. 29, 2025Nov. 3, 2025
+
+
+
+ + + + + + + + + + + + +
Description
+

This template searches for missing HTTP security headers. The impact of these missing headers can vary.

+ + + + +
Sample Request(s): Displaying 1 of 1
+ +
Request 1
+
GET / HTTP/1.1
+Host: localhost:3000
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3
+Connection: close
+Accept: */*
+Accept-Language: en
+Accept-Encoding: gzip
+
+
+ +
Response 1
+
HTTP/1.1 200 OK
+Connection: close
+Transfer-Encoding: chunked
+Accept-Ranges: bytes
+Access-Control-Allow-Origin: *
+Cache-Control: public, max-age=0
+Content-Type: text/html; charset=UTF-8
+Date: Mon, 29 Sep 2025 15:21:37 GMT
+Etag: W/&quot;124fa-19995cb3457&quot;
+Feature-Policy: payment &#x27;self&#x27;
+Last-Modified: Mon, 29 Sep 2025 14:05:46 GMT
+Vary: Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Recruiting: /#/jobs
+
+
+<html lang="en" data-beasties-container>
+<head>
+  <meta charset="utf-8">
+  <title>OWASP Juice Shop</title>
+  <meta name="description" content="Probably the most modern and sophisticated insecure web application">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
+  <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
+  <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+  <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+  <script>
+    window.addEventListener(&quot;load&quot;, function(){
+      window.cookieconsent.initialise({
+        &quot;palette&quot;: {
+          &quot;popup&quot;: { &quot;background&quot;: &quot;var(--theme-primary)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; },
+          &quot;button&quot;: { &quot;background&quot;: &quot;var(--theme-accent)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; }
+        },
+        &quot;…</script></head></html>
+ + + + + + + +
Steps to Reproduce
+

curl command to reproduce the request:
+curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3' 'http://localhost:3000'

+ + + + + + + + + + + +
+
+
+
+ Finding 1197: HTTP Missing Security Headers + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + N.A. + / + N.A. + ActiveSept. 29, 202535 daysAdmin User (admin)
+
+
+ + + + + + + + + + +
+
+
+
+
Vulnerable Endpoints / Systems (1)
+
+ + + + + + + + + + + + + + + + + +
EndpointStatusDate DiscoveredLast Modified
http://localhost:3000ActiveSept. 29, 2025Nov. 3, 2025
+
+
+
+ + + + + + + + + + + + +
Description
+

This template searches for missing HTTP security headers. The impact of these missing headers can vary.

+ + + + +
Sample Request(s): Displaying 1 of 1
+ +
Request 1
+
GET / HTTP/1.1
+Host: localhost:3000
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3
+Connection: close
+Accept: */*
+Accept-Language: en
+Accept-Encoding: gzip
+
+
+ +
Response 1
+
HTTP/1.1 200 OK
+Connection: close
+Transfer-Encoding: chunked
+Accept-Ranges: bytes
+Access-Control-Allow-Origin: *
+Cache-Control: public, max-age=0
+Content-Type: text/html; charset=UTF-8
+Date: Mon, 29 Sep 2025 15:21:37 GMT
+Etag: W/&quot;124fa-19995cb3457&quot;
+Feature-Policy: payment &#x27;self&#x27;
+Last-Modified: Mon, 29 Sep 2025 14:05:46 GMT
+Vary: Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Recruiting: /#/jobs
+
+
+<html lang="en" data-beasties-container>
+<head>
+  <meta charset="utf-8">
+  <title>OWASP Juice Shop</title>
+  <meta name="description" content="Probably the most modern and sophisticated insecure web application">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
+  <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
+  <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+  <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+  <script>
+    window.addEventListener(&quot;load&quot;, function(){
+      window.cookieconsent.initialise({
+        &quot;palette&quot;: {
+          &quot;popup&quot;: { &quot;background&quot;: &quot;var(--theme-primary)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; },
+          &quot;button&quot;: { &quot;background&quot;: &quot;var(--theme-accent)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; }
+        },
+        &quot;…</script></head></html>
+ + + + + + + +
Steps to Reproduce
+

curl command to reproduce the request:
+curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3' 'http://localhost:3000'

+ + + + + + + + + + + +
+
+
+
+ Finding 1270: CVE-2022-27943 in libgomp1:12.2.0-14+deb12u1 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + 0.05% + / + 15.84% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libgomp112.2.0-14+deb12u1
+ + + + + + + +
File Path
/var/lib/dpkg/status.d/libgomp1
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

+ + +
Description
+

Vulnerability Namespace: debian:distro:debian:12
+Vulnerability Description: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
+Matcher: dpkg-matcher
+Package URL: pkg:deb/debian/libgomp1@12.2.0-14%2Bdeb12u1?arch=arm64&distro=debian-12&upstream=gcc-12

+ + + + + + + + + + + + +
References
+

Vulnerability Datasource: https://security-tracker.debian.org/tracker/CVE-2022-27943
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2022-27943
+Related Vulnerability URLs:
+- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039
+- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/
+- https://sourceware.org/bugzilla/show_bug.cgi?id=28995
+- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039
+- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/
+- https://sourceware.org/bugzilla/show_bug.cgi?id=28995

+ + + + + + + +
+
+
+
+ Finding 1196: HTTP Missing Security Headers + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + N.A. + / + N.A. + ActiveSept. 29, 202535 daysAdmin User (admin)
+
+
+ + + + + + + + + + +
+
+
+
+
Vulnerable Endpoints / Systems (1)
+
+ + + + + + + + + + + + + + + + + +
EndpointStatusDate DiscoveredLast Modified
http://localhost:3000ActiveSept. 29, 2025Nov. 3, 2025
+
+
+
+ + + + + + + + + + + + +
Description
+

This template searches for missing HTTP security headers. The impact of these missing headers can vary.

+ + + + +
Sample Request(s): Displaying 1 of 1
+ +
Request 1
+
GET / HTTP/1.1
+Host: localhost:3000
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3
+Connection: close
+Accept: */*
+Accept-Language: en
+Accept-Encoding: gzip
+
+
+ +
Response 1
+
HTTP/1.1 200 OK
+Connection: close
+Transfer-Encoding: chunked
+Accept-Ranges: bytes
+Access-Control-Allow-Origin: *
+Cache-Control: public, max-age=0
+Content-Type: text/html; charset=UTF-8
+Date: Mon, 29 Sep 2025 15:21:37 GMT
+Etag: W/&quot;124fa-19995cb3457&quot;
+Feature-Policy: payment &#x27;self&#x27;
+Last-Modified: Mon, 29 Sep 2025 14:05:46 GMT
+Vary: Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Recruiting: /#/jobs
+
+
+<html lang="en" data-beasties-container>
+<head>
+  <meta charset="utf-8">
+  <title>OWASP Juice Shop</title>
+  <meta name="description" content="Probably the most modern and sophisticated insecure web application">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
+  <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
+  <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+  <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+  <script>
+    window.addEventListener(&quot;load&quot;, function(){
+      window.cookieconsent.initialise({
+        &quot;palette&quot;: {
+          &quot;popup&quot;: { &quot;background&quot;: &quot;var(--theme-primary)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; },
+          &quot;button&quot;: { &quot;background&quot;: &quot;var(--theme-accent)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; }
+        },
+        &quot;…</script></head></html>
+ + + + + + + +
Steps to Reproduce
+

curl command to reproduce the request:
+curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3' 'http://localhost:3000'

+ + + + + + + + + + + +
+
+
+
+ Finding 1194: Missing Subresource Integrity + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + N.A. + / + N.A. + ActiveSept. 29, 202535 daysAdmin User (admin)
+
+
+ + + + + + + + + + +
+
+
+
+
Vulnerable Endpoints / Systems (1)
+
+ + + + + + + + + + + + + + + + + +
EndpointStatusDate DiscoveredLast Modified
http://localhost:3000ActiveSept. 29, 2025Nov. 3, 2025
+
+
+
+ + + + + + + + + + + + +
Description
+

Checks if external script and stylesheet tags in the HTML response are missing the Subresource Integrity (SRI) attribute.

+

Results:
+//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
+//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
+//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css

+ + + + +
Sample Request(s): Displaying 1 of 1
+ +
Request 1
+
GET / HTTP/1.1
+Host: localhost:3000
+User-Agent: Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
+Connection: close
+Accept-Encoding: gzip
+
+
+ +
Response 1
+
HTTP/1.1 200 OK
+Connection: close
+Transfer-Encoding: chunked
+Accept-Ranges: bytes
+Access-Control-Allow-Origin: *
+Cache-Control: public, max-age=0
+Content-Type: text/html; charset=UTF-8
+Date: Mon, 29 Sep 2025 15:21:00 GMT
+Etag: W/&quot;124fa-19995cb3457&quot;
+Feature-Policy: payment &#x27;self&#x27;
+Last-Modified: Mon, 29 Sep 2025 14:05:46 GMT
+Vary: Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Recruiting: /#/jobs
+
+
+<html lang="en" data-beasties-container>
+<head>
+  <meta charset="utf-8">
+  <title>OWASP Juice Shop</title>
+  <meta name="description" content="Probably the most modern and sophisticated insecure web application">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
+  <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
+  <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+  <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+  <script>
+    window.addEventListener(&quot;load&quot;, function(){
+      window.cookieconsent.initialise({
+        &quot;palette&quot;: {
+          &quot;popup&quot;: { &quot;background&quot;: &quot;var(--theme-primary)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; },
+          &quot;button&quot;: { &quot;background&quot;: &quot;var(--theme-accent)&quot;, &quot;text&quot;: &quot;var(--theme-text)&quot; }
+        },
+        &quot;…</script></head></html>
+ + + + + + + +
Steps to Reproduce
+

curl command to reproduce the request:
+curl -X 'GET' -d '' -H 'Host: localhost:3000' -H 'User-Agent: Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36' 'http://localhost:3000'

+ + + + + +
References
+

https://cheatsheetseries.owasp.org/cheatsheets/Third_Party_Javascript_Management_Cheat_Sheet.html#subresource-integrity
+https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

+ + + + + + + +
+
+
+
+ Finding 1256: CVE-2019-1010024 in libc6:2.36-9+deb12u10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + 0.38% + / + 58.43% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libc62.36-9+deb12u10
+ + + + + + + +
File Path
/var/lib/dpkg/status.d/libc6
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

+ + +
Description
+

Vulnerability Namespace: debian:distro:debian:12
+Vulnerability Description: GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
+Matcher: dpkg-matcher
+Package URL: pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc

+ + + + + + + + + + + + +
References
+

Vulnerability Datasource: https://security-tracker.debian.org/tracker/CVE-2019-1010024
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2019-1010024
+Related Vulnerability URLs:
+- http://www.securityfocus.com/bid/109162
+- https://sourceware.org/bugzilla/show_bug.cgi?id=22852
+- https://support.f5.com/csp/article/K06046097
+- https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS
+- https://ubuntu.com/security/CVE-2019-1010024
+- http://www.securityfocus.com/bid/109162
+- https://sourceware.org/bugzilla/show_bug.cgi?id=22852
+- https://support.f5.com/csp/article/K06046097
+- https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS
+- https://ubuntu.com/security/CVE-2019-1010024

+ + + + + + + +
+
+
+
+ Finding 1257: CVE-2010-4756 in libc6:2.36-9+deb12u10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + 0.37% + / + 58.32% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libc62.36-9+deb12u10
+ + + + + + + +
File Path
/var/lib/dpkg/status.d/libc6
+
+
+
+ + + + + +
Description
+

Vulnerability Namespace: debian:distro:debian:12
+Vulnerability Description: The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
+Matcher: dpkg-matcher
+Package URL: pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc

+ + + + + + + + + + + + +
References
+

Vulnerability Datasource: https://security-tracker.debian.org/tracker/CVE-2010-4756
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2010-4756
+Related Vulnerability URLs:
+- http://cxib.net/stuff/glob-0day.c
+- http://securityreason.com/achievement_securityalert/89
+- http://securityreason.com/exploitalert/9223
+- https://bugzilla.redhat.com/show_bug.cgi?id=681681
+- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756
+- http://cxib.net/stuff/glob-0day.c
+- http://securityreason.com/achievement_securityalert/89
+- http://securityreason.com/exploitalert/9223
+- https://bugzilla.redhat.com/show_bug.cgi?id=681681
+- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756

+ + + + + + + +
+
+
+
+ Finding 1271: CVE-2022-27943 in libstdc++6:12.2.0-14+deb12u1 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + 0.05% + / + 15.84% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libstdc++612.2.0-14+deb12u1
+ + + + + + + +
File Path
/var/lib/dpkg/status.d/libstdc++6
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

+ + +
Description
+

Vulnerability Namespace: debian:distro:debian:12
+Vulnerability Description: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
+Matcher: dpkg-matcher
+Package URL: pkg:deb/debian/libstdc%2B%2B6@12.2.0-14%2Bdeb12u1?arch=arm64&distro=debian-12&upstream=gcc-12

+ + + + + + + + + + + + +
References
+

Vulnerability Datasource: https://security-tracker.debian.org/tracker/CVE-2022-27943
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2022-27943
+Related Vulnerability URLs:
+- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039
+- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/
+- https://sourceware.org/bugzilla/show_bug.cgi?id=28995
+- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039
+- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/
+- https://sourceware.org/bugzilla/show_bug.cgi?id=28995

+ + + + + + + +
+
+
+
+ Finding 1261: CVE-2019-1010025 in libc6:2.36-9+deb12u10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + 0.23% + / + 45.66% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libc62.36-9+deb12u10
+ + + + + + + +
File Path
/var/lib/dpkg/status.d/libc6
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

+ + +
Description
+

Vulnerability Namespace: debian:distro:debian:12
+Vulnerability Description: GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.
+Matcher: dpkg-matcher
+Package URL: pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc

+ + + + + + + + + + + + +
References
+

Vulnerability Datasource: https://security-tracker.debian.org/tracker/CVE-2019-1010025
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2019-1010025
+Related Vulnerability URLs:
+- https://sourceware.org/bugzilla/show_bug.cgi?id=22853
+- https://support.f5.com/csp/article/K06046097
+- https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS
+- https://ubuntu.com/security/CVE-2019-1010025
+- https://sourceware.org/bugzilla/show_bug.cgi?id=22853
+- https://support.f5.com/csp/article/K06046097
+- https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS
+- https://ubuntu.com/security/CVE-2019-1010025

+ + + + + + + +
+
+
+
+ Finding 1241: CVE-2018-20796 in libc6:2.36-9+deb12u10 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + 1.84% + / + 82.29% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
libc62.36-9+deb12u10
+ + + + + + + +
File Path
/var/lib/dpkg/status.d/libc6
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+ + +
Description
+

Vulnerability Namespace: debian:distro:debian:12
+Vulnerability Description: In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\1\1|t1|\\2537)+' in grep.
+Matcher: dpkg-matcher
+Package URL: pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc

+ + + + + + + + + + + + +
References
+

Vulnerability Datasource: https://security-tracker.debian.org/tracker/CVE-2018-20796
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2018-20796
+Related Vulnerability URLs:
+- http://www.securityfocus.com/bid/107160
+- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141
+- https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html
+- https://security.netapp.com/advisory/ntap-20190315-0002/
+- https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS
+- http://www.securityfocus.com/bid/107160
+- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141
+- https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html
+- https://security.netapp.com/advisory/ntap-20190315-0002/
+- https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS

+ + + + + + + +
+
+
+
+ Finding 1193: Public Swagger API - Detect + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporterCWE
+ + + Info + + + + N.A. + / + N.A. + ActiveSept. 29, 202535 daysAdmin User (admin) + + 200 + +
+
+
+ + + + + + + + + + +
+
+
+
+
Vulnerable Endpoints / Systems (1)
+
+ + + + + + + + + + + + + + + + + +
EndpointStatusDate DiscoveredLast Modified
http://localhost:3000/api-docs/swagger.jsonActiveSept. 29, 2025Nov. 3, 2025
+
+
+
+ + + + + + + + + + + +
CVSS v3
+

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

+ + +
Description
+

Public Swagger API was detected.

+ + + + +
Sample Request(s): Displaying 1 of 1
+ +
Request 1
+
GET /api-docs/swagger.json HTTP/1.1
+Host: localhost:3000
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6,2 Mobile/15E148 Safari/604.1
+Accept: text/html
+Accept-Language: en
+Accept-Encoding: gzip
+
+
+ +
Response 1
+
HTTP/1.1 200 OK
+Connection: close
+Transfer-Encoding: chunked
+Access-Control-Allow-Origin: *
+Content-Type: text/html; charset=utf-8
+Date: Mon, 29 Sep 2025 15:20:53 GMT
+Etag: W/&quot;c22-H8FH9nKD8DeX/nvIRrte6ZjP2a4&quot;
+Feature-Policy: payment &#x27;self&#x27;
+Vary: Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Recruiting: /#/jobs
+
+
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <title>Swagger UI</title>
+  <link rel="stylesheet" type="text/css" href="./swagger-ui.css" >
+  <link rel="icon" type="image/png" href="./favicon-32x32.png" sizes="32x32" /><link rel="icon" type="image/png" href="./favicon-16x16.png" sizes="16x16" />
+  <style>
+    html
+    {
+      box-sizing: border-box;
+      overflow: -moz-scrollbars-vertical;
+      overflow-y: scroll;
+    }
+    *,
+    *:before,
+    *:after
+    {
+      box-sizing: inherit;
+    }
+    body {
+      margin:0;
+      background: #fafafa;
+    }
+  </style>
+</head>
+<body>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" style="position:absolute;width:0;height:0">
+  <defs>
+    <symbol viewBox="0 0 20 20" id="unlocked">
+      <path d="M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V6h2v-.801C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8z"></path>
+    </symbol>
+    <symbol viewBox="0 0 20 20" id="locked">
+      <path d="M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8zM12 8H8V5.199C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8z"/></path>
+    </symbol>
+    <symbol viewBox="0 0 20 20" id="close">
+      <path d="M14.348 14.849c-.469.469-1.229.469-1.697 0L10 11.819l-2.651 3.029c-.469.469-1.229.469-1.697 0-.469-.469-.469-1.229 0-1.697l2.758-3.15-2.759-3.152c-.469-.469-.469-1.228 0-1.697.469-.469 1.228-.469 1.697 0L10 8.183l2.651-3.031c.469-.469 1.228-.469 1.697 0 .469.469.469 1.229 0 1.697l-2.758 3.152 2.758 3.15c.469.469.469 1.229 0 1.698z"/></path>
+    </symbol>
+    <symbol viewBox="0 0 20 20" id="large-arrow">
+      <path d="M13.25 10L6.109 2.58c-.268-.27-.268-.707 0-.979.268-.27.701-.27.969 0l7.83 7.908c.268.271.268.709 0 .979l-7.83 7.908c-.268.271-.701.27-.969 0-.268-.269-.268-.707 0-.979L13.25 10z"/></path>
+    </symbol>
+    <symbol viewBox="0 0 20 20" id="large-arrow-down">
+      <path d="M17.418 6.109c.272-.268.709-.268.979 0s.271.701 0 .969l-7.908 7.83c-.27.268-.707.268-.979 0l-7.908-7.83c-.27-.268-.27-.701 0-.969.271-.268.709-.268.979 0L10 13.25l7.418-7.141z"/></path>
+    </symbol>
+    <symbol viewBox="0 0 24 24" id="jump-to">
+      <path d="M19 7v4H5.83l3.58-3.59L8 6l-6 6 6 6 1.41-1.41L5.83 13H21V7z"/></path>
+    </symbol>
+    <symbol viewBox="0 0 24 24" id="expand">
+      <path d="M10 18h4v-2h-4v2zM3 6v2h18V6H3zm3 7h12v-2H6v2z"/></path>
+    </symbol>
+  </defs>
+</svg>
+<div id="swagger-ui"></div>
+<script src="./swagger-ui-bundle.js"> </script>
+<script src="./swagger-ui-standalone-preset.js"> </script>
+<script src="./swagger-ui-init.js"> </script>
+<style>
+  .swagger-ui .topbar .…</style></body></html>
+ + + + + + + +
Steps to Reproduce
+

curl command to reproduce the request:
+curl -X 'GET' -d '' -H 'Accept: text/html' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6,2 Mobile/15E148 Safari/604.1' 'http://localhost:3000/api-docs/swagger.json'

+ + + + + +
References
+

https://swagger.io/

+ + + + + + + +
+
+
+
+ Finding 1268: CVE-2022-27943 in gcc-12-base:12.2.0-14+deb12u1 + + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityEPSS Score / PercentileStatusDate discoveredAgeReporter
+ + + Info + + + + 0.05% + / + 15.84% + ActiveNov. 3, 20250 daysAdmin User (admin)
+
+
+ + + + + + + + + +
+
+
+
+
Location
+
+ + + + + + + + + + + + + + + + + + + + + +
ComponentVersion
gcc-12-base12.2.0-14+deb12u1
+ + + + + + + +
File Path
/var/lib/dpkg/status.d/gcc-12-base
+
+
+
+ + + + +
CVSS v3
+

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

+ + +
Description
+

Vulnerability Namespace: debian:distro:debian:12
+Vulnerability Description: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
+Matcher: dpkg-matcher
+Package URL: pkg:deb/debian/gcc-12-base@12.2.0-14%2Bdeb12u1?arch=arm64&distro=debian-12&upstream=gcc-12

+ + + + + + + + + + + + +
References
+

Vulnerability Datasource: https://security-tracker.debian.org/tracker/CVE-2022-27943
+Related Vulnerability Datasource: https://nvd.nist.gov/vuln/detail/CVE-2022-27943
+Related Vulnerability URLs:
+- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039
+- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/
+- https://sourceware.org/bugzilla/show_bug.cgi?id=28995
+- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039
+- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/
+- https://sourceware.org/bugzilla/show_bug.cgi?id=28995

+ + + + + + +
+
+ +
+ + + + + + + + + + + + + + + + 
diff --git a/labs/lab10/report/findings.csv b/labs/lab10/report/findings.csv
new file mode 100644
index 00000000..9ea987df
--- /dev/null
+++ b/labs/lab10/report/findings.csv
@@ -0,0 +1,183 @@
+active,component_name,component_version,created,cvssv3,cvssv3_score,cvssv4,cvssv4_score,cwe,date,defect_review_requested_by,defect_review_requested_by_id,description,duplicate,duplicate_finding,duplicate_finding_id,dynamic_finding,effort_for_fixing,epss_percentile,epss_score,false_p,file_path,finding_group,fix_available,has_finding_group,has_jira_configured,has_jira_group_issue,has_jira_issue,hash_code,id,impact,is_mitigated,kev_date,known_exploited,last_reviewed,last_reviewed_by,last_reviewed_by_id,last_status_update,line,mitigated,mitigated_by,mitigated_by_id,mitigation,nb_occurences,numerical_severity,out_of_scope,param,payload,pgh_event_models,pk,planned_remediation_date,planned_remediation_version,publish_date,ransomware_used,references,reporter,reporter_id,review_requested_by,review_requested_by_id,risk_accepted,sast_sink_object,sast_source_file_path,sast_source_line,sast_source_object,scanner_confidence,service,severity,severity_justification,sla_age,sla_age_days,sla_days_remaining,sla_deadline,sla_expiration_date,sla_start_date,sonarqube_issue,sonarqube_issue_id,static_finding,steps_to_reproduce,test,test_id,thread_id,title,under_defect_review,under_review,unique_id_from_tool,url,verified,violates_sla,vuln_id_from_tool,test,found_by,engagement_id,engagement,product_id,product,endpoints,vulnerability_ids,tags
+True,vm2,3.9.17,2025-11-03 13:39:12.917505+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,9.8,,,74,2025-11-03,,,vm2: Sandbox Escape NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 3.9.18 NEWLINE NEWLINE vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. 
This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability. NEWLINE ,False,,,False,,,,False,juice-shop/node_modules/vm2/package.json,,True,False,,False,,5de45cc1a7c6c380875f2116cfa9b46556d7b1a4d8470d5dc6d7ad043e24a648,1183,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.917485+00:00,,,,,3.9.18,,S0,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2023-32314 NEWLINE https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac NEWLINE https://github.com/patriksimek/vm2 NEWLINE https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf NEWLINE https://github.com/patriksimek/vm2/releases/tag/3.9.18 NEWLINE https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5 NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2023-32314 NEWLINE https://www.cve.org/CVERecord?id=CVE-2023-32314,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-10,2025-11-10,,,,True,,Trivy Scan,33,0,CVE-2023-32314 Vm2 3.9.17,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2023-32314, +True,marsdb,0.6.11,2025-11-03 13:39:14.206842+00:00,,,,,0,2025-11-03,,,**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Command Injection in marsdb NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/marsdb@0.6.11,False,,,False,,,,False,/juice-shop/node_modules/marsdb/package.json,,,False,,False,,8796fc2d3932e13a71e854cdeb047fcdb4052b454be7db1661f84ead38fe0097,1272,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:14.206824+00:00,,,,,,1,S0,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-5mrr-rgp6-x4gr,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-10,2025-11-10,,,,True,,Anchore Grype,35,0,GHSA-5mrr-rgp6-x4gr in 
marsdb:0.6.11,False,False,,,False,,GHSA-5mrr-rgp6-x4gr,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-5mrr-rgp6-x4gr, +True,vm2,3.9.17,2025-11-03 13:39:12.924099+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,9.8,,,94,2025-11-03,,,"vm2: Promise handler sanitization can be bypassed allowing attackers to escape the sandbox and run arbitrary code NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** NEWLINE NEWLINE vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox. NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/vm2/package.json,,False,False,,False,,81886a23afdfa4e9dc199882e72881d8b572c17f278997a3f3b1ffb422e9ddf5,1184,affected,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.924082+00:00,,,,,,,S0,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2023-37466 NEWLINE https://gist.github.com/leesh3288/f693061e6523c97274ad5298eb2c74e9 NEWLINE https://github.com/patriksimek/vm2 NEWLINE https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5 NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2023-37466 NEWLINE https://security.netapp.com/advisory/ntap-20230831-0007 NEWLINE https://www.cve.org/CVERecord?id=CVE-2023-37466,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-10,2025-11-10,,,,True,,Trivy Scan,33,0,CVE-2023-37466 Vm2 3.9.17,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2023-37466, +True,vm2,3.9.17,2025-11-03 13:39:12.930885+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,9.8,,,78,2025-11-03,,,"vm2: custom inspect function 
allows attackers to escape the sandbox and run arbitrary code NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** NEWLINE NEWLINE vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. There are no patches and no known workarounds. Users are advised to find an alternative software. NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/vm2/package.json,,False,False,,False,,9da8ce361021854d554478d9add301e8864240f61d066ef423174229023e6039,1185,affected,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.930868+00:00,,,,,,,S0,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2023-37903 NEWLINE https://github.com/patriksimek/vm2 NEWLINE https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4 NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2023-37903 NEWLINE https://security.netapp.com/advisory/ntap-20230831-0007 NEWLINE https://security.netapp.com/advisory/ntap-20230831-0007/ NEWLINE https://www.cve.org/CVERecord?id=CVE-2023-37903,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-10,2025-11-10,,,,True,,Trivy Scan,33,0,CVE-2023-37903 Vm2 3.9.17,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2023-37903, +True,crypto-js,3.3.0,2025-11-03 13:39:13.822718+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N,9.1,,,0,2025-11-03,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard NEWLINE **Related Vulnerability Description:** crypto-js is a JavaScript library of crypto standards. 
Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/crypto-js@3.3.0",False,,,False,,0.75736,0.00963,False,/juice-shop/node_modules/crypto-js/package.json,,,False,,False,,cc8a900b6a7aa0953913a16e1e3f4b8b0ee095353015c8addffe296e48d984f4,1220,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:13.822700+00:00,,,,,Upgrade to version: 4.2.0,1,S0,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-xwcq-pm8m-c4vf NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2023-46233 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a NEWLINE - https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf NEWLINE - https://lists.debian.org/debian-lts-announce/2023/11/msg00025.html NEWLINE - https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a NEWLINE - https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf NEWLINE - https://lists.debian.org/debian-lts-announce/2023/11/msg00025.html,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-10,2025-11-10,,,,True,,Anchore Grype,35,0,GHSA-xwcq-pm8m-c4vf in 
crypto-js:3.3.0,False,False,,,False,,GHSA-xwcq-pm8m-c4vf,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-xwcq-pm8m-c4vf; CVE-2023-46233, +True,lodash,2.4.2,2025-11-03 13:39:12.705067+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H,9.1,,,1321,2025-11-03,,,nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 4.17.12 NEWLINE NEWLINE Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. NEWLINE ,False,,,False,,,,False,juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json,,True,False,,False,,36d1f6cbd728c605224c27e71649f332318dee2693aeaf53d68c060e2a8828e1,1153,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.705049+00:00,,,,,4.17.12,,S0,False,,,,,,,,False,https://access.redhat.com/errata/RHSA-2019:3024 NEWLINE https://access.redhat.com/security/cve/CVE-2019-10744 NEWLINE https://github.com/advisories/GHSA-jf85-cpcp-j695 NEWLINE https://github.com/lodash/lodash/pull/4336 NEWLINE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2019-10744.yml NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2019-10744 NEWLINE https://security.netapp.com/advisory/ntap-20191004-0005 NEWLINE https://security.netapp.com/advisory/ntap-20191004-0005/ NEWLINE https://snyk.io/vuln/SNYK-JS-LODASH-450202 NEWLINE https://support.f5.com/csp/article/K47105354 NEWLINE https://support.f5.com/csp/article/K47105354?utm_source=f5support&%3Butm_medium=RSS NEWLINE https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS NEWLINE https://www.cve.org/CVERecord?id=CVE-2019-10744 NEWLINE https://www.npmjs.com/advisories/1065 NEWLINE https://www.oracle.com/security-alerts/cpujan2021.html NEWLINE 
https://www.oracle.com/security-alerts/cpuoct2020.html,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-10,2025-11-10,,,,True,,Trivy Scan,33,0,CVE-2019-10744 Lodash 2.4.2,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2019-10744, +True,vm2,3.9.17,2025-11-03 13:39:13.731769+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,9.8,,,0,2025-11-03,,,**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** vm2 Sandbox Escape vulnerability NEWLINE **Related Vulnerability Description:** vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/vm2@3.9.17,False,,,False,,0.98615,0.69492,False,/juice-shop/node_modules/vm2/package.json,,,False,,False,,f44df2da924687df4a5dcf933a4e7df5c0b1aad02b92274b61cb5cbb8bab3fa1,1210,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:13.731750+00:00,,,,,Upgrade to version: 3.9.18,1,S0,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-whpj-8f3w-67p5 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2023-32314 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac NEWLINE - https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf NEWLINE - https://github.com/patriksimek/vm2/releases/tag/3.9.18 NEWLINE - https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5 NEWLINE - https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac NEWLINE - https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf NEWLINE - https://github.com/patriksimek/vm2/releases/tag/3.9.18 NEWLINE - https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-10,2025-11-10,,,,True,,Anchore Grype,35,0,GHSA-whpj-8f3w-67p5 in vm2:3.9.17,False,False,,,False,,GHSA-whpj-8f3w-67p5,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-whpj-8f3w-67p5; CVE-2023-32314, +True,jsonwebtoken,0.1.0,2025-11-03 13:39:13.751239+00:00,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,9.8,,,0,2025-11-03,,,**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Verification Bypass in jsonwebtoken NEWLINE **Related Vulnerability Description:** In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms 
but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family). NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/jsonwebtoken@0.1.0,False,,,False,,0.97313,0.41149,False,/juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json,,,False,,False,,f94a8c9e391d3ea7af36b9c6e4229d9e367b033b77ca154d8087c9e3fbfbf179,1211,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:13.751218+00:00,,,,,Upgrade to version: 4.2.2,1,S0,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-c7hr-j4mj-j2w6 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2015-9235 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ NEWLINE - https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687 NEWLINE - https://nodesecurity.io/advisories/17 NEWLINE - https://www.timmclean.net/2015/02/25/jwt-alg-none.html NEWLINE - https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ NEWLINE - https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687 NEWLINE - https://nodesecurity.io/advisories/17 NEWLINE - https://www.timmclean.net/2015/02/25/jwt-alg-none.html,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-10,2025-11-10,,,,True,,Anchore Grype,35,0,GHSA-c7hr-j4mj-j2w6 in jsonwebtoken:0.1.0,False,False,,,False,,GHSA-c7hr-j4mj-j2w6,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-c7hr-j4mj-j2w6; CVE-2015-9235, +True,jsonwebtoken,0.4.0,2025-11-03 13:39:13.760050+00:00,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,9.8,,,0,2025-11-03,,,**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Verification Bypass in jsonwebtoken NEWLINE **Related Vulnerability Description:** In jsonwebtoken node module before 4.2.2 it is 
possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family). NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/jsonwebtoken@0.4.0,False,,,False,,0.97313,0.41149,False,/juice-shop/node_modules/jsonwebtoken/package.json,,,False,,False,,446bfdd26d4b103b1c77eac0d511bf530c5932fe3a97dd64ec2fe2b30109f371,1212,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:13.760029+00:00,,,,,Upgrade to version: 4.2.2,1,S0,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-c7hr-j4mj-j2w6 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2015-9235 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ NEWLINE - https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687 NEWLINE - https://nodesecurity.io/advisories/17 NEWLINE - https://www.timmclean.net/2015/02/25/jwt-alg-none.html NEWLINE - https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ NEWLINE - https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687 NEWLINE - https://nodesecurity.io/advisories/17 NEWLINE - https://www.timmclean.net/2015/02/25/jwt-alg-none.html,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-10,2025-11-10,,,,True,,Anchore Grype,35,0,GHSA-c7hr-j4mj-j2w6 in jsonwebtoken:0.4.0,False,False,,,False,,GHSA-c7hr-j4mj-j2w6,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-c7hr-j4mj-j2w6; CVE-2015-9235, +True,vm2,3.9.17,2025-11-03 13:39:13.768732+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,9.8,,,0,2025-11-03,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** vm2 Sandbox Escape 
vulnerability NEWLINE **Related Vulnerability Description:** vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. There are no patches and no known workarounds. Users are advised to find an alternative software. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/vm2@3.9.17",False,,,False,,0.96959,0.35568,False,/juice-shop/node_modules/vm2/package.json,,,False,,False,,c2a7f41be9b517290410d2bb29352182dbd157a58de3c9d90003bb5eaecf96f9,1213,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:13.768713+00:00,,,,,,1,S0,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-g644-9gfx-q4q4 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2023-37903 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4 NEWLINE - https://security.netapp.com/advisory/ntap-20230831-0007/ NEWLINE - https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4 NEWLINE - https://security.netapp.com/advisory/ntap-20230831-0007/,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-10,2025-11-10,,,,True,,Anchore Grype,35,0,GHSA-g644-9gfx-q4q4 in vm2:3.9.17,False,False,,,False,,GHSA-g644-9gfx-q4q4,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-g644-9gfx-q4q4; CVE-2023-37903, +True,vm2,3.9.17,2025-11-03 13:39:13.776580+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,9.8,,,0,2025-11-03,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** vm2 Sandbox Escape vulnerability NEWLINE **Related Vulnerability Description:** vm2 is an advanced vm/sandbox for Node.js. 
The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/vm2@3.9.17",False,,,False,,0.88971,0.04732,False,/juice-shop/node_modules/vm2/package.json,,,False,,False,,6b89c2767f3e1463b4e4fdc1cfa645a357987377771ad170bf58f06ddfd91fbc,1214,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:13.776561+00:00,,,,,,1,S0,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-cchq-frgv-rjh5 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2023-37466 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5 NEWLINE - https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-10,2025-11-10,,,,True,,Anchore Grype,35,0,GHSA-cchq-frgv-rjh5 in vm2:3.9.17,False,False,,,False,,GHSA-cchq-frgv-rjh5,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-cchq-frgv-rjh5; CVE-2023-37466, +True,lodash,2.4.2,2025-11-03 13:39:13.784039+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H,9.1,,,0,2025-11-03,,,**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Prototype Pollution in lodash NEWLINE **Related Vulnerability Description:** Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/lodash@2.4.2,False,,,False,,0.86968,0.0341,False,/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json,,,False,,False,,3b1d8d89bee38ea43fa9b863ba5448343af024aca9dbd41387eff36cf1658e3b,1215,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:13.784022+00:00,,,,,Upgrade to version: 4.17.12,1,S0,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-jf85-cpcp-j695 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2019-10744 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://access.redhat.com/errata/RHSA-2019:3024 NEWLINE - https://security.netapp.com/advisory/ntap-20191004-0005/ NEWLINE - https://snyk.io/vuln/SNYK-JS-LODASH-450202 NEWLINE - https://support.f5.com/csp/article/K47105354?utm_source=f5support&%3Butm_medium=RSS NEWLINE - https://www.oracle.com/security-alerts/cpujan2021.html NEWLINE - https://www.oracle.com/security-alerts/cpuoct2020.html NEWLINE - https://access.redhat.com/errata/RHSA-2019:3024 NEWLINE - https://security.netapp.com/advisory/ntap-20191004-0005/ NEWLINE - https://snyk.io/vuln/SNYK-JS-LODASH-450202 NEWLINE - https://support.f5.com/csp/article/K47105354?utm_source=f5support&%3Butm_medium=RSS NEWLINE - https://www.oracle.com/security-alerts/cpujan2021.html NEWLINE - https://www.oracle.com/security-alerts/cpuoct2020.html,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-10,2025-11-10,,,,True,,Anchore Grype,35,0,GHSA-jf85-cpcp-j695 in lodash:2.4.2,False,False,,,False,,GHSA-jf85-cpcp-j695,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-jf85-cpcp-j695; CVE-2019-10744, +True,crypto-js,3.3.0,2025-11-03 13:39:12.581171+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N,9.1,,,328,2025-11-03,,,"crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard NEWLINE **Target:** Node.js NEWLINE **Type:** 
node-pkg NEWLINE **Fixed version:** 4.2.0 NEWLINE NEWLINE crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations. NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/crypto-js/package.json,,True,False,,False,,a95f6cd299da2691e4707edf2bfc63bbc34f2c4d4646f48da9353a65346f2f87,1136,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.581153+00:00,,,,,4.2.0,,S0,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2023-46233 NEWLINE https://github.com/brix/crypto-js NEWLINE https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a NEWLINE https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf NEWLINE https://lists.debian.org/debian-lts-announce/2023/11/msg00025.html NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2023-46233 NEWLINE https://ubuntu.com/security/notices/USN-6753-1 NEWLINE https://www.cve.org/CVERecord?id=CVE-2023-46233,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-10,2025-11-10,,,,True,,Trivy Scan,33,0,CVE-2023-46233 Crypto-Js 3.3.0,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2023-46233, +True,marsdb,0.6.11,2025-11-03 13:39:12.752328+00:00,,,,,0,2025-11-03,,,"Command Injection in marsdb NEWLINE **Target:** Node.js 
NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** NEWLINE NEWLINE All versions of `marsdb` are vulnerable to Command Injection. In the `DocumentMatcher` class, selectors on `$where` clauses are passed to a Function constructor unsanitized. This allows attackers to run arbitrary commands in the system when the function is executed. NEWLINE NEWLINE NEWLINE ## Recommendation NEWLINE NEWLINE No fix is currently available. Consider using an alternative package until a fix is made available. NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/marsdb/package.json,,False,False,,False,,73423daa2c85b788f33d85d5bb7d840df7952a4d3b32020edcf6e585c1b5cbd3,1160,affected,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.752303+00:00,,,,,,,S0,False,,,,,,,,False,https://github.com/bkimminich/juice-shop/issues/1173 NEWLINE https://www.npmjs.com/advisories/1122,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-10,2025-11-10,,,,True,,Trivy Scan,33,0,GHSA-5mrr-rgp6-x4gr Marsdb 0.6.11,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,GHSA-5mrr-rgp6-x4gr, +True,libc6,2.36-9+deb12u10,2025-11-03 13:39:12.492869+00:00,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,9.8,,,119,2025-11-03,,,"glibc: stack guard protection bypass NEWLINE **Target:** bkimminich/juice-shop:v19.0.0 (debian 12.11) NEWLINE **Type:** debian NEWLINE **Fixed version:** NEWLINE NEWLINE GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate ""this is being treated as a non-security bug and no real threat. 
NEWLINE ",False,,,False,,,,False,bkimminich/juice-shop:v19.0.0 (debian 12.11),,False,False,,False,,8ea312704e6c3430cf5544600fa2d0cafae86b8e6346a4928b6efd4a15c5b0be,1123,affected,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.492851+00:00,,,,,,,S0,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2019-1010022 NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2019-1010022 NEWLINE https://security-tracker.debian.org/tracker/CVE-2019-1010022 NEWLINE https://sourceware.org/bugzilla/show_bug.cgi?id=22850 NEWLINE https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3 NEWLINE https://ubuntu.com/security/CVE-2019-1010022 NEWLINE https://www.cve.org/CVERecord?id=CVE-2019-1010022,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-10,2025-11-10,,,,True,,Trivy Scan,33,0,CVE-2019-1010022 Libc6 2.36-9+deb12u10,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2019-1010022, +True,jsonwebtoken,0.4.0,2025-11-03 13:39:12.661612+00:00,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,9.8,,,20,2025-11-03,,,nodejs-jsonwebtoken: verification step bypass with an altered token NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 4.2.2 NEWLINE NEWLINE In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family). 
NEWLINE ,False,,,False,,,,False,juice-shop/node_modules/jsonwebtoken/package.json,,True,False,,False,,756ae4892999afe288492599f018ef7426e7cfb8e4ea4527a6d71357a3503db7,1147,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.661593+00:00,,,,,4.2.2,,S0,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2015-9235 NEWLINE https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries NEWLINE https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ NEWLINE https://github.com/advisories/GHSA-c7hr-j4mj-j2w6 NEWLINE https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687 NEWLINE https://nodesecurity.io/advisories/17 NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2015-9235 NEWLINE https://www.cve.org/CVERecord?id=CVE-2015-9235 NEWLINE https://www.npmjs.com/advisories/17 NEWLINE https://www.timmclean.net/2015/02/25/jwt-alg-none.html,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-10,2025-11-10,,,,True,,Trivy Scan,33,0,CVE-2015-9235 Jsonwebtoken 0.4.0,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2015-9235, +True,jsonwebtoken,0.1.0,2025-11-03 13:39:12.624353+00:00,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,9.8,,,20,2025-11-03,,,nodejs-jsonwebtoken: verification step bypass with an altered token NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 4.2.2 NEWLINE NEWLINE In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family). 
NEWLINE ,False,,,False,,,,False,juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json,,True,False,,False,,878f89d0598d0236b88290febfb1899b96561b65699661be3627ae77f59954b3,1142,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.624335+00:00,,,,,4.2.2,,S0,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2015-9235 NEWLINE https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries NEWLINE https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ NEWLINE https://github.com/advisories/GHSA-c7hr-j4mj-j2w6 NEWLINE https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687 NEWLINE https://nodesecurity.io/advisories/17 NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2015-9235 NEWLINE https://www.cve.org/CVERecord?id=CVE-2015-9235 NEWLINE https://www.npmjs.com/advisories/17 NEWLINE https://www.timmclean.net/2015/02/25/jwt-alg-none.html,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-10,2025-11-10,,,,True,,Trivy Scan,33,0,CVE-2015-9235 Jsonwebtoken 0.1.0,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2015-9235, +True,jsonwebtoken,0.1.0,2025-11-03 13:39:12.640056+00:00,,,,,0,2025-11-03,,,"Verification Bypass NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** >=4.2.2 NEWLINE NEWLINE It is possible for an attacker to bypass verification when ""a token digitally signed with an asymetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family)"" [1] NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json,,True,False,,False,,8c52b3d98311b402fcdd15a9b1d27153f2446f6a7a59b2c0fd542611007172c5,1144,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 
13:39:12.640037+00:00,,,,,>=4.2.2,,S1,False,,,,,,,,False,https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ NEWLINE https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687 NEWLINE https://www.timmclean.net/2015/02/25/jwt-alg-none.html,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,NSWG-ECO-17 Jsonwebtoken 0.1.0,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,NSWG-ECO-17, +True,ws,7.4.6,2025-11-03 13:39:12.944411+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,476,2025-11-03,,,"nodejs-ws: denial of service when handling a request with many HTTP headers NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 5.2.4, 6.2.3, 7.5.10, 8.17.1 NEWLINE NEWLINE ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied. 
NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/engine.io/node_modules/ws/package.json,,True,False,,False,,7ba8c33b64da51d8c714ca44cc31ddf1f4ded1cbe10d6221172a0c8eccafdcc4,1187,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.944393+00:00,,,,,"5.2.4, 6.2.3, 7.5.10, 8.17.1",,S1,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2024-37890 NEWLINE https://github.com/websockets/ws NEWLINE https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f NEWLINE https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e NEWLINE https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c NEWLINE https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63 NEWLINE https://github.com/websockets/ws/issues/2230 NEWLINE https://github.com/websockets/ws/pull/2231 NEWLINE https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q NEWLINE https://nodejs.org/api/http.html#servermaxheaderscount NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2024-37890 NEWLINE https://www.cve.org/CVERecord?id=CVE-2024-37890,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2024-37890 Ws 7.4.6,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2024-37890, +True,,,2025-11-03 13:39:12.951716+00:00,,,,,0,2025-11-03,,,Asymmetric Private Key NEWLINE **Category:** AsymmetricPrivateKey NEWLINE **Match:** ----BEGIN RSA PRIVATE 
KEY-----****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE NEWLINE ,False,,,False,,,,False,/juice-shop/build/lib/insecurity.js,,True,False,,False,,5ad948478ac7188141e618ebe6b972ef0264605097a5df62b237c8cfba18dc45,1188,,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.951698+00:00,47,,,,,,S1,False,,,,,,,,False,,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,Secret Detected in /juice-shop/build/lib/insecurity.js - Asymmetric Private Key,False,False,,,False,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,, +True,libc6,2.36-9+deb12u10,2025-11-03 13:39:12.485680+00:00,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,674,2025-11-03,,,"glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c NEWLINE **Target:** bkimminich/juice-shop:v19.0.0 (debian 12.11) NEWLINE **Type:** debian NEWLINE **Fixed version:** NEWLINE NEWLINE In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. 
NEWLINE ",False,,,False,,,,False,bkimminich/juice-shop:v19.0.0 (debian 12.11),,False,False,,False,,017b78b7b4442dd3c4f3291aa01b44f3f21ea32eb6d41a716b5a803bf8b9d856,1122,affected,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.485661+00:00,,,,,,,S1,False,,,,,,,,False,http://www.securityfocus.com/bid/107160 NEWLINE https://access.redhat.com/security/cve/CVE-2018-20796 NEWLINE https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141 NEWLINE https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2018-20796 NEWLINE https://security.netapp.com/advisory/ntap-20190315-0002/ NEWLINE https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS NEWLINE https://www.cve.org/CVERecord?id=CVE-2018-20796,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2018-20796 Libc6 2.36-9+deb12u10,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2018-20796, +True,,,2025-11-03 13:39:12.968415+00:00,,,,,0,2025-11-03,,,Asymmetric Private Key NEWLINE **Category:** AsymmetricPrivateKey NEWLINE **Match:** ----BEGIN RSA PRIVATE 
KEY-----****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE NEWLINE ,False,,,False,,,,False,/juice-shop/lib/insecurity.ts,,True,False,,False,,6cb69ea20f84ada1d56684358f2099360cdfd4aafd49206b774d90ffabbfa021,1191,,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.968397+00:00,23,,,,,,S1,False,,,,,,,,False,,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,Secret Detected in /juice-shop/lib/insecurity.ts - Asymmetric Private Key,False,False,,,False,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,, +True,multer,1.4.5-lts.2,2025-11-03 13:39:14.052741+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,0,2025-11-03,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Multer vulnerable to Denial of Service via memory leaks from unclosed streams NEWLINE **Related Vulnerability Description:** Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. 
When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/multer@1.4.5-lts.2",False,,,False,,0.10319,0.00037,False,/juice-shop/node_modules/multer/package.json,,,False,,False,,84a56017a0139fedea9c251e5bade937c762aedd44bf54aa2ccba8a4353e44c6,1251,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:14.052724+00:00,,,,,Upgrade to version: 2.0.0,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-44fp-w29j-9vj5 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2025-47935 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665 NEWLINE - https://github.com/expressjs/multer/pull/1120 NEWLINE - https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,GHSA-44fp-w29j-9vj5 in multer:1.4.5-lts.2,False,False,,,False,,GHSA-44fp-w29j-9vj5,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-44fp-w29j-9vj5; CVE-2025-47935, +True,tar-fs,2.1.3,2025-11-03 13:39:14.039948+00:00,,,,,0,2025-11-03,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball NEWLINE **Related Vulnerability Description:** tar-fs provides filesystem bindings 
for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/tar-fs@2.1.3",False,,,False,,0.15424,0.0005,False,/juice-shop/node_modules/tar-fs/package.json,,,False,,False,,63114de3e5ad3029495344b7d2ed142e2ef46604b9767b35b9700cf0f13065a8,1249,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:14.039929+00:00,,,,,Upgrade to version: 2.1.4,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-vj76-c3g6-qr5v NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2025-59343 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09 NEWLINE - https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,GHSA-vj76-c3g6-qr5v in tar-fs:2.1.3,False,False,,,False,,GHSA-vj76-c3g6-qr5v,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-vj76-c3g6-qr5v; CVE-2025-59343, +True,sanitize-html,1.4.2,2025-11-03 13:39:14.033410+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,0,2025-11-03,,,**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Sanitize-html Vulnerable To REDoS Attacks NEWLINE **Related Vulnerability Description:** The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/sanitize-html@1.4.2,False,,,False,,0.17694,0.00056,False,/juice-shop/node_modules/sanitize-html/package.json,,,False,,False,,e90ee5d49e22d940fba380eab58f54bc2a72f71ef85a214ee4f3b1fde805f262,1248,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:14.033392+00:00,,,,,Upgrade to version: 2.7.1,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-cgfm-xwp7-2cvr NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2022-25887 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c NEWLINE - https://github.com/apostrophecms/sanitize-html/pull/557 NEWLINE - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3008102 NEWLINE - https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526 NEWLINE - https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c NEWLINE - https://github.com/apostrophecms/sanitize-html/pull/557 NEWLINE - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3008102 NEWLINE - https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,GHSA-cgfm-xwp7-2cvr in sanitize-html:1.4.2,False,False,,,False,,GHSA-cgfm-xwp7-2cvr,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-cgfm-xwp7-2cvr; CVE-2022-25887, +True,jsonwebtoken,0.4.0,2025-11-03 13:39:14.026652+00:00,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N,8.1,,,0,2025-11-03,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** jsonwebtoken unrestricted key type could lead to legacy keys usage NEWLINE **Related Vulnerability Description:** Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature 
verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/jsonwebtoken@0.4.0",False,,,False,,0.18524,0.00058,False,/juice-shop/node_modules/jsonwebtoken/package.json,,,False,,False,,3bd54fac91d21dd767b765f463851f70d3fc5f8bf558ba67e2c406532a9d079a,1247,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:14.026634+00:00,,,,,Upgrade to version: 9.0.0,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-8cf7-32gw-wr33 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2022-23539 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 NEWLINE - https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33 NEWLINE - https://security.netapp.com/advisory/ntap-20240621-0007/ NEWLINE - https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 NEWLINE - https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33 NEWLINE - https://security.netapp.com/advisory/ntap-20240621-0007/,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore 
Grype,35,0,GHSA-8cf7-32gw-wr33 in jsonwebtoken:0.4.0,False,False,,,False,,GHSA-8cf7-32gw-wr33,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-8cf7-32gw-wr33; CVE-2022-23539, +True,jsonwebtoken,0.1.0,2025-11-03 13:39:14.020077+00:00,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N,8.1,,,0,2025-11-03,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** jsonwebtoken unrestricted key type could lead to legacy keys usage NEWLINE **Related Vulnerability Description:** Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/jsonwebtoken@0.1.0",False,,,False,,0.18524,0.00058,False,/juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json,,,False,,False,,f4b13e22a9423c9079edd385f97d089591ca74e670390e8050c1269fbbf58164,1246,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:14.020060+00:00,,,,,Upgrade to version: 9.0.0,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-8cf7-32gw-wr33 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2022-23539 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 NEWLINE - https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33 NEWLINE - https://security.netapp.com/advisory/ntap-20240621-0007/ NEWLINE - https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 NEWLINE - https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33 NEWLINE - https://security.netapp.com/advisory/ntap-20240621-0007/,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,GHSA-8cf7-32gw-wr33 in jsonwebtoken:0.1.0,False,False,,,False,,GHSA-8cf7-32gw-wr33,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-8cf7-32gw-wr33; CVE-2022-23539, +True,multer,1.4.5-lts.2,2025-11-03 13:39:14.013823+00:00,,,,,0,2025-11-03,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Multer vulnerable to Denial of Service via unhandled exception NEWLINE **Related Vulnerability Description:** Multer is a node.js middleware for handling `multipart/form-data`. 
A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/multer@1.4.5-lts.2",False,,,False,,0.20092,0.00063,False,/juice-shop/node_modules/multer/package.json,,,False,,False,,1e5ac0766778aa0d3a4699d7268057da55a62c2387e15f1fc058232ed67b49d9,1245,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:14.013805+00:00,,,,,Upgrade to version: 2.0.1,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-g5hg-p3ph-g8qg NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2025-48997 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9 NEWLINE - https://github.com/expressjs/multer/issues/1233 NEWLINE - https://github.com/expressjs/multer/pull/1256 NEWLINE - https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,GHSA-g5hg-p3ph-g8qg in multer:1.4.5-lts.2,False,False,,,False,,GHSA-g5hg-p3ph-g8qg,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-g5hg-p3ph-g8qg; CVE-2025-48997, +True,jws,0.2.6,2025-11-03 13:39:14.213589+00:00,CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N,8.7,,,0,2025-11-03,,,**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Forgeable Public/Private Tokens in jws NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** 
pkg:npm/jws@0.2.6,False,,,False,,,,False,/juice-shop/node_modules/jws/package.json,,,False,,False,,65de452ff5969c58a4dbdae5d7b9d35bd7ea1e4a29b62c6e76049be787e9c04d,1273,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:14.213570+00:00,,,,,Upgrade to version: 3.0.0,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-gjcw-v447-2w7q NEWLINE **Related Vulnerability Datasource:** nvd,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,GHSA-gjcw-v447-2w7q in jws:0.2.6,False,False,,,False,,GHSA-gjcw-v447-2w7q,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-gjcw-v447-2w7q; CVE-2016-1000223, +True,express-jwt,0.1.3,2025-11-03 13:39:13.993721+00:00,CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N,7.7,,,0,2025-11-03,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Authorization bypass in express-jwt NEWLINE **Related Vulnerability Description:** In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have **algorithms** configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as the **secret**. You can fix this by specifying **algorithms** in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/express-jwt@0.1.3",False,,,False,,0.27525,0.00095,False,/juice-shop/node_modules/express-jwt/package.json,,,False,,False,,7f3fb4c083bdd0071807f8e4598997fb90839244312b3bf1a0d9b9b1d8f3b891,1242,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:13.993703+00:00,,,,,Upgrade to version: 6.0.0,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-6g6m-m6h5-w9gf NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2020-15084 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef NEWLINE - https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf NEWLINE - https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef NEWLINE - https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,GHSA-6g6m-m6h5-w9gf in express-jwt:0.1.3,False,False,,,False,,GHSA-6g6m-m6h5-w9gf,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-6g6m-m6h5-w9gf; CVE-2020-15084, +True,http-cache-semantics,3.8.1,2025-11-03 13:39:13.947891+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,0,2025-11-03,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** http-cache-semantics vulnerable to Regular Expression Denial of Service NEWLINE **Related Vulnerability Description:** This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/http-cache-semantics@3.8.1",False,,,False,,0.37415,0.00159,False,/juice-shop/node_modules/http-cache-semantics/package.json,,,False,,False,,e662b0400bb9af0286dd74ea110d9ae3b4b1c7dfbfc06e21a1c9d03859782b21,1236,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:13.947870+00:00,,,,,Upgrade to version: 4.1.1,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-rc47-6667-2j5j NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2022-25881 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83 NEWLINE - https://security.netapp.com/advisory/ntap-20230622-0008/ NEWLINE - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332 NEWLINE - https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783 NEWLINE - https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83 NEWLINE - https://security.netapp.com/advisory/ntap-20230622-0008/ NEWLINE - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332 NEWLINE - https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,GHSA-rc47-6667-2j5j in http-cache-semantics:3.8.1,False,False,,,False,,GHSA-rc47-6667-2j5j,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-rc47-6667-2j5j; CVE-2022-25881, +True,braces,2.3.2,2025-11-03 13:39:13.904026+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,0,2025-11-03,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Uncontrolled resource consumption in braces NEWLINE **Related Vulnerability Description:** The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. 
In `lib/parse.js,` if a malicious user sends ""imbalanced braces"" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/braces@2.3.2",False,,,False,,0.45187,0.00225,False,/juice-shop/node_modules/braces/package.json,,,False,,False,,fee295670b576e697ddfcadd99d548c93389309dbcff631ab8a8555c55261a43,1231,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:13.904007+00:00,,,,,Upgrade to version: 3.0.3,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-grv7-fg5c-xmjg NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2024-4068 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://devhub.checkmarx.com/cve-details/CVE-2024-4068/ NEWLINE - https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff NEWLINE - https://github.com/micromatch/braces/issues/35 NEWLINE - https://github.com/micromatch/braces/pull/37 NEWLINE - https://github.com/micromatch/braces/pull/40 NEWLINE - https://devhub.checkmarx.com/cve-details/CVE-2024-4068/ NEWLINE - https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff NEWLINE - https://github.com/micromatch/braces/issues/35 NEWLINE - https://github.com/micromatch/braces/pull/37 NEWLINE - https://github.com/micromatch/braces/pull/40,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,GHSA-grv7-fg5c-xmjg in braces:2.3.2,False,False,,,False,,GHSA-grv7-fg5c-xmjg,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-grv7-fg5c-xmjg; CVE-2024-4068, +True,,,2025-11-03 13:39:12.061137+00:00,,,,,89,2025-11-03,,,"**Result message:** Detected a sequelize statement that is tainted by user-input. 
This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements. NEWLINE ",False,,,False,,,,False,/src/data/static/codefixes/dbSchemaChallenge_1.ts,,,False,,False,,96a782d96c35b919a694819c27defa3d6eb3fc5847c30a720c626174c484f036,1093,,False,,False,2025-11-03 13:39:12.050914+00:00,Admin User (admin),1,2025-11-03 13:39:12.061113+00:00,5,,,,,1,S1,False,,,,,,,,False,https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Semgrep JSON Report,32,0,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,False,False,,,False,,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,moment,2.0.0,2025-11-03 13:39:13.881991+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,0,2025-11-03,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Regular Expression Denial of Service in moment NEWLINE **Related Vulnerability Description:** The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/moment@2.0.0",False,,,False,,0.54731,0.00322,False,/juice-shop/node_modules/express-jwt/node_modules/moment/package.json,,,False,,False,,630b663e09ac33c8e15851db186780e54d8ac1cdbb41e507e2edac1841a90ca6,1228,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:13.881973+00:00,,,,,Upgrade to version: 2.19.3,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-446m-mv8f-q348 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2017-18214 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/moment/moment/issues/4163 NEWLINE - https://nodesecurity.io/advisories/532 NEWLINE - https://www.tenable.com/security/tns-2019-02 NEWLINE - https://github.com/moment/moment/issues/4163 NEWLINE - https://nodesecurity.io/advisories/532 NEWLINE - https://www.tenable.com/security/tns-2019-02,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,GHSA-446m-mv8f-q348 in moment:2.0.0,False,False,,,False,,GHSA-446m-mv8f-q348,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-446m-mv8f-q348; CVE-2017-18214, +True,lodash,2.4.2,2025-11-03 13:39:13.874892+00:00,CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,5.6,,,0,2025-11-03,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Prototype Pollution in lodash NEWLINE **Related Vulnerability Description:** A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/lodash@2.4.2",False,,,False,,0.60531,0.00409,False,/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json,,,False,,False,,988db307fc5bb30445f19dbafd9fb489dbda51fe10ecf5f2412b07c45f0c3d96,1227,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:13.874875+00:00,,,,,Upgrade to version: 4.17.11,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-4xc9-xhrj-v574 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2018-16487 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://hackerone.com/reports/380873 NEWLINE - https://security.netapp.com/advisory/ntap-20190919-0004/ NEWLINE - https://hackerone.com/reports/380873 NEWLINE - https://security.netapp.com/advisory/ntap-20190919-0004/,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,GHSA-4xc9-xhrj-v574 in lodash:2.4.2,False,False,,,False,,GHSA-4xc9-xhrj-v574,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-4xc9-xhrj-v574; CVE-2018-16487, +True,ws,7.4.6,2025-11-03 13:39:13.859669+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,0,2025-11-03,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** ws affected by a DoS when handling a request with many HTTP headers NEWLINE **Related Vulnerability Description:** ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. 
Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/ws@7.4.6",False,,,False,,0.66734,0.00541,False,/juice-shop/node_modules/engine.io/node_modules/ws/package.json,,,False,,False,,74033f3e158481bfea901d95193a59e2e8802a843bfa6b734b22d06ee7d95a7d,1225,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:13.859650+00:00,,,,,Upgrade to version: 7.5.10,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-3h5v-q93c-6h6q NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2024-37890 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f NEWLINE - https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e NEWLINE - https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c NEWLINE - https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63 NEWLINE - https://github.com/websockets/ws/issues/2230 NEWLINE - https://github.com/websockets/ws/pull/2231 NEWLINE - https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q NEWLINE - https://nodejs.org/api/http.html#servermaxheaderscount NEWLINE - https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f NEWLINE - https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e NEWLINE - https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c NEWLINE - https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63 NEWLINE - https://github.com/websockets/ws/issues/2230 NEWLINE - https://github.com/websockets/ws/pull/2231 
NEWLINE - https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q NEWLINE - https://nodejs.org/api/http.html#servermaxheaderscount,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,GHSA-3h5v-q93c-6h6q in ws:7.4.6,False,False,,,False,,GHSA-3h5v-q93c-6h6q,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-3h5v-q93c-6h6q; CVE-2024-37890, +True,moment,2.0.0,2025-11-03 13:39:13.845063+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N,7.5,,,0,2025-11-03,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Path Traversal: 'dir/../../filename' in moment.locale NEWLINE **Related Vulnerability Description:** Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/moment@2.0.0",False,,,False,,0.68927,0.00612,False,/juice-shop/node_modules/express-jwt/node_modules/moment/package.json,,,False,,False,,e7f093b631db3bc800325fb2f6024d2ef72c40edf63cd9ae8af290300a55a993,1223,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:13.845044+00:00,,,,,Upgrade to version: 2.29.2,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-8hfj-j24r-96c4 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2022-24785 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5 NEWLINE - https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4 NEWLINE - https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html NEWLINE - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/ NEWLINE - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/ NEWLINE - https://security.netapp.com/advisory/ntap-20220513-0006/ NEWLINE - https://www.tenable.com/security/tns-2022-09 NEWLINE - https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5 NEWLINE - https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4 NEWLINE - https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html NEWLINE - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/ NEWLINE - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/ NEWLINE - https://security.netapp.com/advisory/ntap-20220513-0006/ NEWLINE - https://www.tenable.com/security/tns-2022-09,Admin User 
(admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,GHSA-8hfj-j24r-96c4 in moment:2.0.0,False,False,,,False,,GHSA-8hfj-j24r-96c4,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-8hfj-j24r-96c4; CVE-2022-24785, +True,lodash,2.4.2,2025-11-03 13:39:13.837933+00:00,CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H,7.2,,,0,2025-11-03,,,**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Command Injection in lodash NEWLINE **Related Vulnerability Description:** Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/lodash@2.4.2,False,,,False,,0.7426,0.00859,False,/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json,,,False,,False,,869a7ec9777c876bef49b8a242706d066e27f30637bcd64513a7cb9f8fe567fd,1222,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:13.837915+00:00,,,,,Upgrade to version: 4.17.21,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-35jh-r3h4-6jhm NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2021-23337 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf NEWLINE - https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851 NEWLINE - https://security.netapp.com/advisory/ntap-20210312-0006/ NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932 NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930 NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928 NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931 NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929 NEWLINE - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 NEWLINE - https://www.oracle.com//security-alerts/cpujul2021.html NEWLINE - 
https://www.oracle.com/security-alerts/cpujan2022.html NEWLINE - https://www.oracle.com/security-alerts/cpujul2022.html NEWLINE - https://www.oracle.com/security-alerts/cpuoct2021.html NEWLINE - https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf NEWLINE - https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851 NEWLINE - https://security.netapp.com/advisory/ntap-20210312-0006/ NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932 NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930 NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928 NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931 NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929 NEWLINE - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 NEWLINE - https://www.oracle.com//security-alerts/cpujul2021.html NEWLINE - https://www.oracle.com/security-alerts/cpujan2022.html NEWLINE - https://www.oracle.com/security-alerts/cpujul2022.html NEWLINE - https://www.oracle.com/security-alerts/cpuoct2021.html,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,GHSA-35jh-r3h4-6jhm in lodash:2.4.2,False,False,,,False,,GHSA-35jh-r3h4-6jhm,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-35jh-r3h4-6jhm; CVE-2021-23337, +True,ip,2.0.1,2025-11-03 13:39:13.791548+00:00,CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H,8.1,,,0,2025-11-03,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** ip SSRF improper categorization in isPublic NEWLINE **Related Vulnerability Description:** The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/ip@2.0.1",False,,,False,,0.85898,0.02922,False,/juice-shop/node_modules/ip/package.json,,,False,,False,,e5cb954c35f339e0ca01a801f94a10426da4986a4003f83ee1f3c10d9261e959,1216,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:13.791530+00:00,,,,,,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-2p57-rm9w-gvfp NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2024-29415 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/indutny/node-ip/issues/150 NEWLINE - https://github.com/indutny/node-ip/pull/143 NEWLINE - https://github.com/indutny/node-ip/pull/144 NEWLINE - https://github.com/indutny/node-ip/issues/150 NEWLINE - https://github.com/indutny/node-ip/pull/143 NEWLINE - https://github.com/indutny/node-ip/pull/144 NEWLINE - https://security.netapp.com/advisory/ntap-20250117-0010/,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,GHSA-2p57-rm9w-gvfp in ip:2.0.1,False,False,,,False,,GHSA-2p57-rm9w-gvfp,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-2p57-rm9w-gvfp; CVE-2024-29415, +True,lodash.set,4.3.2,2025-11-03 13:39:13.814976+00:00,CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H,7.4,,,0,2025-11-03,,,**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Prototype Pollution in lodash NEWLINE **Related Vulnerability Description:** Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/lodash.set@4.3.2,False,,,False,,0.84627,0.02439,False,/juice-shop/node_modules/lodash.set/package.json,,,False,,False,,4329c773eea03faf09868de96a1232ec6a258d90a3252d5c9852bd2503e3011d,1219,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:13.814958+00:00,,,,,,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-p6mc-m468-83gw NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2020-8203 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/lodash/lodash/issues/4874 NEWLINE - https://hackerone.com/reports/712065 NEWLINE - https://security.netapp.com/advisory/ntap-20200724-0006/ NEWLINE - https://www.oracle.com//security-alerts/cpujul2021.html NEWLINE - https://www.oracle.com/security-alerts/cpuApr2021.html NEWLINE - https://www.oracle.com/security-alerts/cpuapr2022.html NEWLINE - https://www.oracle.com/security-alerts/cpujan2022.html NEWLINE - https://www.oracle.com/security-alerts/cpuoct2021.html NEWLINE - https://github.com/lodash/lodash/issues/4874 NEWLINE - https://hackerone.com/reports/712065 NEWLINE - https://security.netapp.com/advisory/ntap-20200724-0006/ NEWLINE - https://www.oracle.com//security-alerts/cpujul2021.html NEWLINE - https://www.oracle.com/security-alerts/cpuApr2021.html NEWLINE - https://www.oracle.com/security-alerts/cpuapr2022.html NEWLINE - https://www.oracle.com/security-alerts/cpujan2022.html NEWLINE - https://www.oracle.com/security-alerts/cpuoct2021.html,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,GHSA-p6mc-m468-83gw in lodash.set:4.3.2,False,False,,,False,,GHSA-p6mc-m468-83gw,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-p6mc-m468-83gw; CVE-2020-8203, +True,jsonwebtoken,0.4.0,2025-11-03 
13:39:12.668869+00:00,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N,8.1,,,327,2025-11-03,,,"jsonwebtoken: Unrestricted key type could lead to legacy keys usagen NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 9.0.0 NEWLINE NEWLINE Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions. 
NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/jsonwebtoken/package.json,,True,False,,False,,ca3b8b343542a955f549294d867be0a27219b1a0857a8fc24fb609e981327d70,1148,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.668851+00:00,,,,,9.0.0,,S1,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2022-23539 NEWLINE https://github.com/auth0/node-jsonwebtoken NEWLINE https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 NEWLINE https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33 NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2022-23539 NEWLINE https://security.netapp.com/advisory/ntap-20240621-0007 NEWLINE https://security.netapp.com/advisory/ntap-20240621-0007/ NEWLINE https://www.cve.org/CVERecord?id=CVE-2022-23539,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2022-23539 Jsonwebtoken 0.4.0,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2022-23539, +True,jsonwebtoken,0.4.0,2025-11-03 13:39:12.675800+00:00,,,,,0,2025-11-03,,,"Verification Bypass NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** >=4.2.2 NEWLINE NEWLINE It is possible for an attacker to bypass verification when ""a token digitally signed with an asymetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family)"" [1] NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/jsonwebtoken/package.json,,True,False,,False,,0142e140f79a7a7ac358e4012958cf9a35cf175d14eed3fcb56c91f6a1a62771,1149,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.675780+00:00,,,,,>=4.2.2,,S1,False,,,,,,,,False,https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ NEWLINE 
https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687 NEWLINE https://www.timmclean.net/2015/02/25/jwt-alg-none.html,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,NSWG-ECO-17 Jsonwebtoken 0.4.0,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,NSWG-ECO-17, +True,,,2025-11-03 13:39:12.222734+00:00,,,,,89,2025-11-03,,,"**Result message:** Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements. NEWLINE ",False,,,False,,,,False,/src/routes/search.ts,,,False,,False,,1bf0b263903752029aa809a978cd26d8d2a2bf32c9585422c88e70e7a3a6947a,1109,,False,,False,2025-11-03 13:39:12.050914+00:00,Admin User (admin),1,2025-11-03 13:39:12.222715+00:00,23,,,,,1,S1,False,,,,,,,,False,https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Semgrep JSON Report,32,0,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,False,False,,,False,,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-03 13:39:12.228019+00:00,,,,,95,2025-11-03,,,**Result message:** Found data from an Express or Next web request flowing to `eval`. If this data is user-controllable this can lead to execution of arbitrary system commands in the context of your application process. Avoid `eval` whenever possible. 
NEWLINE ,False,,,False,,,,False,/src/routes/userProfile.ts,,,False,,False,,eb9f5c7fbc7059d112c8d40c166d5378cfdea907628e793c1172ee4e7828fb4e,1110,,False,,False,2025-11-03 13:39:12.050914+00:00,Admin User (admin),1,2025-11-03 13:39:12.228001+00:00,62,,,,,1,S1,False,,,,,,,,False,https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval NEWLINE https://nodejs.org/api/child_process.html#child_processexeccommand-options-callback NEWLINE https://www.stackhawk.com/blog/nodejs-command-injection-examples-and-prevention/ NEWLINE https://ckarande.gitbooks.io/owasp-nodegoat-tutorial/content/tutorial/a1_-_server_side_js_injection.html,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Semgrep JSON Report,32,0,javascript.lang.security.audit.code-string-concat.code-string-concat,False,False,,,False,,javascript.lang.security.audit.code-string-concat.code-string-concat,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,jws,0.2.6,2025-11-03 13:39:12.697590+00:00,CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N,8.7,,,0,2025-11-03,,,"Forgeable Public/Private Tokens NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** >=3.0.0 NEWLINE NEWLINE Since ""algorithm"" isn't enforced in `jws.verify()`, a malicious user could choose what algorithm is sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants. NEWLINE NEWLINE In addition, there is the `none` algorithm to be concerned about. In versions prior to 3.0.0, verification of the token could be bypassed when the `alg` field is set to `none`. NEWLINE NEWLINE *Edit ( 7/29/16 ): A previous version of this advisory incorrectly stated that the vulnerability was patched in version 2.0.0 instead of 3.0.0. The advisory has been updated to reflect this new information. 
Thanks to Fabien Catteau for reporting the error.* NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/jws/package.json,,True,False,,False,,fc82af3efd8f08845b524488304dda7da7859112ccd3757af3ffa43814fda976,1152,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.697566+00:00,,,,,>=3.0.0,,S1,False,,,,,,,,False,https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries NEWLINE https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ NEWLINE https://github.com/brianloveswords/node-jws NEWLINE https://github.com/brianloveswords/node-jws/commit/585d0e1e97b6747c10cf5b7689ccc5618a89b299#diff-4ac32a78649ca5bdd8e0ba38b7006a1e NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2016-1000223 NEWLINE https://snyk.io/vuln/npm:jws:20160726 NEWLINE https://www.npmjs.com/advisories/88,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2016-1000223 JWS 0.2.6,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2016-1000223, +True,libc6,2.36-9+deb12u10,2025-11-03 13:39:12.520055+00:00,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,674,2025-11-03,,,"glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c NEWLINE **Target:** bkimminich/juice-shop:v19.0.0 (debian 12.11) NEWLINE **Type:** debian NEWLINE **Fixed version:** NEWLINE NEWLINE In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern NEWLINE ",False,,,False,,,,False,bkimminich/juice-shop:v19.0.0 (debian 12.11),,False,False,,False,,e51702f1cc119aaa5edceed9156a7a87959db15c9f59ac23e8785d422a54e254,1127,affected,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.520037+00:00,,,,,,,S1,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2019-9192 NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2019-9192 NEWLINE https://sourceware.org/bugzilla/show_bug.cgi?id=24269 NEWLINE https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS NEWLINE https://www.cve.org/CVERecord?id=CVE-2019-9192,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2019-9192 Libc6 2.36-9+deb12u10,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2019-9192, +True,lodash,2.4.2,2025-11-03 13:39:12.718724+00:00,CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H,7.2,,,94,2025-11-03,,,nodejs-lodash: command injection via template NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 4.17.21 NEWLINE NEWLINE Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. 
NEWLINE ,False,,,False,,,,False,juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json,,True,False,,False,,2f7e06877557882e061c552cd017dcac8902895673a25d0b0d19beae50eae487,1155,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.718705+00:00,,,,,4.17.21,,S1,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2021-23337 NEWLINE https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf NEWLINE https://github.com/advisories/GHSA-35jh-r3h4-6jhm NEWLINE https://github.com/lodash/lodash NEWLINE https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js NEWLINE https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851 NEWLINE https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851 NEWLINE https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c NEWLINE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2021-23337.yml NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2021-23337 NEWLINE https://security.netapp.com/advisory/ntap-20210312-0006 NEWLINE https://security.netapp.com/advisory/ntap-20210312-0006/ NEWLINE https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932 NEWLINE https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930 NEWLINE https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928 NEWLINE https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931 NEWLINE https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929 NEWLINE https://snyk.io/vuln/SNYK-JS-LODASH-1040724 NEWLINE https://www.cve.org/CVERecord?id=CVE-2021-23337 NEWLINE https://www.oracle.com//security-alerts/cpujul2021.html NEWLINE https://www.oracle.com/security-alerts/cpujan2022.html NEWLINE https://www.oracle.com/security-alerts/cpujul2022.html NEWLINE https://www.oracle.com/security-alerts/cpuoct2021.html,Admin User 
(admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2021-23337 Lodash 2.4.2,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2021-23337, +True,multer,1.4.5-lts.2,2025-11-03 13:39:14.059261+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,0,2025-11-03,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Multer vulnerable to Denial of Service from maliciously crafted requests NEWLINE **Related Vulnerability Description:** Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/multer@1.4.5-lts.2",False,,,False,,0.10319,0.00037,False,/juice-shop/node_modules/multer/package.json,,,False,,False,,e361ef84b7e55dd3b2c90b9d8fb942526c15c129d1f901c7d3c7bc176d1f7764,1252,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:14.059243+00:00,,,,,Upgrade to version: 2.0.0,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-4pg4-qvpc-4q3h NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2025-47944 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665 NEWLINE - https://github.com/expressjs/multer/issues/1176 NEWLINE - https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,GHSA-4pg4-qvpc-4q3h in 
multer:1.4.5-lts.2,False,False,,,False,,GHSA-4pg4-qvpc-4q3h,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-4pg4-qvpc-4q3h; CVE-2025-47944, +True,,,2025-11-03 13:39:12.203156+00:00,,,,,89,2025-11-03,,,"**Result message:** Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements. NEWLINE ",False,,,False,,,,False,/src/routes/login.ts,,,False,,False,,18cf39067c5c99611bd071fc090cc6ab2730c0b342ddb473583abbf12fa8d8d0,1105,,False,,False,2025-11-03 13:39:12.050914+00:00,Admin User (admin),1,2025-11-03 13:39:12.203139+00:00,34,,,,,1,S1,False,,,,,,,,False,https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Semgrep JSON Report,32,0,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,False,False,,,False,,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-03 13:39:12.156089+00:00,,,,,89,2025-11-03,,,"**Result message:** Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements. 
NEWLINE ",False,,,False,,,,False,/src/data/static/codefixes/unionSqlInjectionChallenge_3.ts,,,False,,False,,e4cf67f59b27847f530768137bbd364d0adffc5f43d4e2faeb22d829b39d7ab7,1096,,False,,False,2025-11-03 13:39:12.050914+00:00,Admin User (admin),1,2025-11-03 13:39:12.156064+00:00,10,,,,,1,S1,False,,,,,,,,False,https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Semgrep JSON Report,32,0,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,False,False,,,False,,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,libc6,2.36-9+deb12u10,2025-11-03 13:39:14.148155+00:00,CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H,7.8,,,0,2025-11-03,,,**Vulnerability Namespace:** debian:distro:debian:12 NEWLINE **Vulnerability Description:** Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). 
NEWLINE **Matcher:** dpkg-matcher NEWLINE **Package URL:** pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc,False,,,False,,0.00908,0.00011,False,/var/lib/dpkg/status.d/libc6,,,False,,False,,896756e9b5609418a794af6ff0d230e96a44a877d620bdea454cf1d30e61e6bd,1264,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:14.148135+00:00,,,,,Upgrade to version: 2.36-9+deb12u11,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://security-tracker.debian.org/tracker/CVE-2025-4802 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2025-4802 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://sourceware.org/bugzilla/show_bug.cgi?id=32976 NEWLINE - https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e NEWLINE - http://www.openwall.com/lists/oss-security/2025/05/16/7 NEWLINE - http://www.openwall.com/lists/oss-security/2025/05/17/2,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,CVE-2025-4802 in libc6:2.36-9+deb12u10,False,False,,,False,,CVE-2025-4802,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,CVE-2025-4802, +True,lodash.set,4.3.2,2025-11-03 13:39:12.745607+00:00,CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H,7.4,,,770,2025-11-03,,,nodejs-lodash: prototype pollution in zipObjectDeep function NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** NEWLINE NEWLINE Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. 
NEWLINE ,False,,,False,,,,False,juice-shop/node_modules/lodash.set/package.json,,False,False,,False,,47ba2c057b6551e0249106994f29d726e04e719214372be4bc031977bf87f882,1159,affected,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.745588+00:00,,,,,,,S1,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2020-8203 NEWLINE https://github.com/advisories/GHSA-p6mc-m468-83gw NEWLINE https://github.com/github/advisory-database/pull/2884 NEWLINE https://github.com/lodash/lodash NEWLINE https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12 NEWLINE https://github.com/lodash/lodash/issues/4744 NEWLINE https://github.com/lodash/lodash/issues/4874 NEWLINE https://github.com/lodash/lodash/wiki/Changelog#v41719 NEWLINE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-8203.yml NEWLINE https://hackerone.com/reports/712065 NEWLINE https://hackerone.com/reports/864701 NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2020-8203 NEWLINE https://security.netapp.com/advisory/ntap-20200724-0006 NEWLINE https://security.netapp.com/advisory/ntap-20200724-0006/ NEWLINE https://web.archive.org/web/20210914001339/https://github.com/lodash/lodash/issues/4744 NEWLINE https://www.cve.org/CVERecord?id=CVE-2020-8203 NEWLINE https://www.npmjs.com/advisories/1523 NEWLINE https://www.oracle.com//security-alerts/cpujul2021.html NEWLINE https://www.oracle.com/security-alerts/cpuApr2021.html NEWLINE https://www.oracle.com/security-alerts/cpuapr2022.html NEWLINE https://www.oracle.com/security-alerts/cpujan2022.html NEWLINE https://www.oracle.com/security-alerts/cpuoct2021.html,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2020-8203 lodash.set 4.3.2,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2020-8203, +True,libc6,2.36-9+deb12u10,2025-11-03 
13:39:12.499692+00:00,CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H,8.8,,,0,2025-11-03,,,"glibc: running ldd on malicious ELF leads to code execution because of wrong size computation NEWLINE **Target:** bkimminich/juice-shop:v19.0.0 (debian 12.11) NEWLINE **Type:** debian NEWLINE **Fixed version:** NEWLINE NEWLINE GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate ""this is being treated as a non-security bug and no real threat. NEWLINE ",False,,,False,,,,False,bkimminich/juice-shop:v19.0.0 (debian 12.11),,False,False,,False,,37a2415d08693c1312223df93b5c7a75949bbdbfc23d54ad0ffc370c105d9014,1124,affected,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.499667+00:00,,,,,,,S1,False,,,,,,,,False,http://www.securityfocus.com/bid/109167 NEWLINE https://access.redhat.com/security/cve/CVE-2019-1010023 NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2019-1010023 NEWLINE https://security-tracker.debian.org/tracker/CVE-2019-1010023 NEWLINE https://sourceware.org/bugzilla/show_bug.cgi?id=22851 NEWLINE https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS NEWLINE https://ubuntu.com/security/CVE-2019-1010023 NEWLINE https://www.cve.org/CVERecord?id=CVE-2019-1010023,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2019-1010023 Libc6 2.36-9+deb12u10,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2019-1010023, +True,base64url,0.0.6,2025-11-03 13:39:12.553554+00:00,,,,,0,2025-11-03,,,Out-of-bounds Read NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** >=3.0.0 NEWLINE NEWLINE `base64url` allocates uninitialized Buffers when number is passed in input 
on Node.js 4.x and below NEWLINE ,False,,,False,,,,False,juice-shop/node_modules/base64url/package.json,,True,False,,False,,be151895c91d23d77b7d6356209b590633dac21e5af1e47b9758081ce5118e47,1132,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.553536+00:00,,,,,>=3.0.0,,S1,False,,,,,,,,False,https://github.com/brianloveswords/base64url/pull/25 NEWLINE https://hackerone.com/reports/321687,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,NSWG-ECO-428 Base64url 0.0.6,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,NSWG-ECO-428, +True,moment,2.0.0,2025-11-03 13:39:12.782207+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N,7.5,,,22,2025-11-03,,,"Moment.js: Path traversal in moment.locale NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 2.29.2 NEWLINE NEWLINE Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js. 
NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/express-jwt/node_modules/moment/package.json,,True,False,,False,,362f998148c58f245982ed840bda60c6fb1bc650b3e099823e8c6dd829c2fced,1164,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.782188+00:00,,,,,2.29.2,,S1,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2022-24785 NEWLINE https://github.com/moment/moment NEWLINE https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5 NEWLINE https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4 NEWLINE https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html NEWLINE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/ NEWLINE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/ NEWLINE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q NEWLINE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5 NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2022-24785 NEWLINE https://security.netapp.com/advisory/ntap-20220513-0006 NEWLINE https://security.netapp.com/advisory/ntap-20220513-0006/ NEWLINE https://ubuntu.com/security/notices/USN-5559-1 NEWLINE https://www.cve.org/CVERecord?id=CVE-2022-24785 NEWLINE https://www.tenable.com/security/tns-2022-09,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2022-24785 Moment 2.0.0,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2022-24785, +True,moment,2.0.0,2025-11-03 13:39:12.774554+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,400,2025-11-03,,,"nodejs-moment: Regular expression denial of service NEWLINE **Target:** Node.js NEWLINE **Type:** 
node-pkg NEWLINE **Fixed version:** 2.19.3 NEWLINE NEWLINE The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/express-jwt/node_modules/moment/package.json,,True,False,,False,,dac1e6f8286e134b82dcda08827e835bce97ee1a9e8ac6cacff68f9ec4ccf6a8,1163,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.774535+00:00,,,,,2.19.3,,S1,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2017-18214 NEWLINE https://github.com/advisories/GHSA-446m-mv8f-q348 NEWLINE https://github.com/moment/moment NEWLINE https://github.com/moment/moment/commit/69ed9d44957fa6ab12b73d2ae29d286a857b80eb NEWLINE https://github.com/moment/moment/issues/4163 NEWLINE https://github.com/moment/moment/pull/4326 NEWLINE https://nodesecurity.io/advisories/532 NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2017-18214 NEWLINE https://ubuntu.com/security/notices/USN-4786-1 NEWLINE https://www.cve.org/CVERecord?id=CVE-2017-18214 NEWLINE https://www.npmjs.com/advisories/532 NEWLINE https://www.tenable.com/security/tns-2019-02,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2017-18214 Moment 2.0.0,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2017-18214, +True,libc6,2.36-9+deb12u10,2025-11-03 13:39:12.463918+00:00,CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H,7.0,,,426,2025-11-03,,,glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH NEWLINE **Target:** bkimminich/juice-shop:v19.0.0 (debian 12.11) NEWLINE **Type:** debian NEWLINE **Fixed version:** 2.36-9+deb12u11 NEWLINE NEWLINE Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call 
dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). NEWLINE ,False,,,False,,,,False,bkimminich/juice-shop:v19.0.0 (debian 12.11),,True,False,,False,,88b6933a6ff101c19c561fdefeb2cd852dad759069e45fa003a4f127f7b77945,1119,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.463898+00:00,,,,,2.36-9+deb12u11,,S1,False,,,,,,,,False,http://www.openwall.com/lists/oss-security/2025/05/16/7 NEWLINE http://www.openwall.com/lists/oss-security/2025/05/17/2 NEWLINE https://access.redhat.com/errata/RHSA-2025:8655 NEWLINE https://access.redhat.com/security/cve/CVE-2025-4802 NEWLINE https://bugzilla.redhat.com/2367468 NEWLINE https://bugzilla.redhat.com/show_bug.cgi?id=2367468 NEWLINE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802 NEWLINE https://errata.almalinux.org/9/ALSA-2025-8655.html NEWLINE https://errata.rockylinux.org/RLSA-2025:8686 NEWLINE https://linux.oracle.com/cve/CVE-2025-4802.html NEWLINE https://linux.oracle.com/errata/ELSA-2025-8686.html NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2025-4802 NEWLINE https://sourceware.org/bugzilla/show_bug.cgi?id=32976 NEWLINE https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e NEWLINE https://sourceware.org/cgit/glibc/commit/?id=5451fa962cd0a90a0e2ec1d8910a559ace02bba0 NEWLINE https://ubuntu.com/security/notices/USN-7541-1 NEWLINE https://www.cve.org/CVERecord?id=CVE-2025-4802 NEWLINE https://www.openwall.com/lists/oss-security/2025/05/16/7 NEWLINE https://www.openwall.com/lists/oss-security/2025/05/17/2,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2025-4802 Libc6 2.36-9+deb12u10,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2025-4802, +True,multer,1.4.5-lts.2,2025-11-03 13:39:12.797804+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,401,2025-11-03,,,"Multer vulnerable to Denial of Service via memory 
leaks from unclosed streams NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 2.0.0 NEWLINE NEWLINE Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available. NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/multer/package.json,,True,False,,False,,bd7c5d742836d0352509a8474ed0a0c95c51a5a63381ad5fc8f27b95701c4f33,1166,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.797784+00:00,,,,,2.0.0,,S1,False,,,,,,,,False,https://github.com/expressjs/multer NEWLINE https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665 NEWLINE https://github.com/expressjs/multer/pull/1120 NEWLINE https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5 NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2025-47935,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2025-47935 Multer 1.4.5-lts.2,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2025-47935, +True,braces,2.3.2,2025-11-03 13:39:12.567161+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,1050,2025-11-03,,,"braces: fails to limit the number of characters it can handle NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 3.0.3 NEWLINE NEWLINE The NPM package `braces`, versions 
prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends ""imbalanced braces"" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash. NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/braces/package.json,,True,False,,False,,568df38b03dd302ca712ae63e22d3ae68d4f6547f7304d6347552b380e39ec58,1134,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.567141+00:00,,,,,3.0.3,,S1,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2024-4068 NEWLINE https://devhub.checkmarx.com/cve-details/CVE-2024-4068 NEWLINE https://devhub.checkmarx.com/cve-details/CVE-2024-4068/ NEWLINE https://github.com/micromatch/braces NEWLINE https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308 NEWLINE https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff NEWLINE https://github.com/micromatch/braces/issues/35 NEWLINE https://github.com/micromatch/braces/pull/37 NEWLINE https://github.com/micromatch/braces/pull/40 NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2024-4068 NEWLINE https://www.cve.org/CVERecord?id=CVE-2024-4068,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2024-4068 Braces 2.3.2,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2024-4068, +True,multer,1.4.5-lts.2,2025-11-03 13:39:12.805336+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,248,2025-11-03,,,"Multer vulnerable to Denial of Service from maliciously crafted requests NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 2.0.0 NEWLINE NEWLINE Multer is a node.js middleware for handling `multipart/form-data`. 
A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available. NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/multer/package.json,,True,False,,False,,d54a393560504cbe27d8c6511ce8e775584da954e8e529f7c193cdc23ade5220,1167,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.805308+00:00,,,,,2.0.0,,S1,False,,,,,,,,False,https://github.com/expressjs/multer NEWLINE https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665 NEWLINE https://github.com/expressjs/multer/issues/1176 NEWLINE https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2025-47944,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2025-47944 Multer 1.4.5-lts.2,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2025-47944, +True,multer,1.4.5-lts.2,2025-11-03 13:39:14.118060+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,0,2025-11-03,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Multer vulnerable to Denial of Service via unhandled exception from malformed request NEWLINE **Related Vulnerability Description:** Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. 
No known workarounds are available. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/multer@1.4.5-lts.2",False,,,False,,0.03192,0.00018,False,/juice-shop/node_modules/multer/package.json,,,False,,False,,aeeed161b43b47649735bd042aa9e630e5f28c400c888417fc0720be9c2e7a7e,1260,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:14.118041+00:00,,,,,Upgrade to version: 2.0.2,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-fjgf-rc76-4x9p NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2025-7338 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://cna.openjsf.org/security-advisories.html NEWLINE - https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b NEWLINE - https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Anchore Grype,35,0,GHSA-fjgf-rc76-4x9p in multer:1.4.5-lts.2,False,False,,,False,,GHSA-fjgf-rc76-4x9p,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-fjgf-rc76-4x9p; CVE-2025-7338, +True,multer,1.4.5-lts.2,2025-11-03 13:39:12.819813+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,248,2025-11-03,,,"multer: Multer Denial of Service NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 2.0.2 NEWLINE NEWLINE Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available. 
NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/multer/package.json,,True,False,,False,,33b43b94f6fc1e88bef206211995c8a1beec0c7191fa649e7364a8811dfdd380,1169,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.819793+00:00,,,,,2.0.2,,S1,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2025-7338 NEWLINE https://cna.openjsf.org/security-advisories.html NEWLINE https://github.com/expressjs/multer NEWLINE https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b NEWLINE https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2025-7338 NEWLINE https://www.cve.org/CVERecord?id=CVE-2025-7338,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2025-7338 Multer 1.4.5-lts.2,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2025-7338, +True,sanitize-html,1.4.2,2025-11-03 13:39:12.834299+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,1333,2025-11-03,,,sanitize-html: insecure global regular expression replacement logic may lead to ReDoS NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 2.7.1 NEWLINE NEWLINE The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal. 
NEWLINE ,False,,,False,,,,False,juice-shop/node_modules/sanitize-html/package.json,,True,False,,False,,5336cfa12cf3900d3fb926e6a85d22a47c2bc12db14156286dbfe08c9a3b5e82,1171,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.834278+00:00,,,,,2.7.1,,S1,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2022-25887 NEWLINE https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c NEWLINE https://github.com/apostrophecms/sanitize-html/pull/557 NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2022-25887 NEWLINE https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3008102 NEWLINE https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526 NEWLINE https://ubuntu.com/security/notices/USN-7464-1 NEWLINE https://www.cve.org/CVERecord?id=CVE-2022-25887,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2022-25887 Sanitize-HTML 1.4.2,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2022-25887, +True,,,2025-11-03 13:39:12.140815+00:00,,,,,89,2025-11-03,,,"**Result message:** Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements. 
NEWLINE ",False,,,False,,,,False,/src/data/static/codefixes/dbSchemaChallenge_3.ts,,,False,,False,,01082c2e3b0d087751b2b5a5de33426a8c955da41140cd6cc549631147555033,1094,,False,,False,2025-11-03 13:39:12.050914+00:00,Admin User (admin),1,2025-11-03 13:39:12.140775+00:00,11,,,,,1,S1,False,,,,,,,,False,https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Semgrep JSON Report,32,0,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,False,False,,,False,,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,express-jwt,0.1.3,2025-11-03 13:39:12.596008+00:00,CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N,7.7,,,285,2025-11-03,,,"Authorization bypass in express-jwt NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 6.0.0 NEWLINE NEWLINE In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have **algorithms** configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as the **secret**. You can fix this by specifying **algorithms** in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0. 
NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/express-jwt/package.json,,True,False,,False,,4dcd0b3c67f7504e208fa2d06bcb0f2135df3d457030cb041e4b0b4323d3c292,1138,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.595989+00:00,,,,,6.0.0,,S1,False,,,,,,,,False,https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef NEWLINE https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2020-15084,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2020-15084 Express-JWT 0.1.3,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2020-15084, +True,,,2025-11-03 13:39:12.150800+00:00,,,,,89,2025-11-03,,,"**Result message:** Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements. 
NEWLINE ",False,,,False,,,,False,/src/data/static/codefixes/unionSqlInjectionChallenge_1.ts,,,False,,False,,ff96577206ffc5ef88468f2a16d9dec6744398620a4a59c51ecfb7d5e984a12e,1095,,False,,False,2025-11-03 13:39:12.050914+00:00,Admin User (admin),1,2025-11-03 13:39:12.150776+00:00,6,,,,,1,S1,False,,,,,,,,False,https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Semgrep JSON Report,32,0,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,False,False,,,False,,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,http-cache-semantics,3.8.1,2025-11-03 13:39:12.609953+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,1333,2025-11-03,,,"http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 4.1.1 NEWLINE NEWLINE This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. 
NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/http-cache-semantics/package.json,,True,False,,False,,571fd4fc46d4f69792e2fc2b1ef536fa0c2b102b3c55018951bb7e234935d0c7,1140,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.609935+00:00,,,,,4.1.1,,S1,False,,,,,,,,False,https://access.redhat.com/errata/RHSA-2023:2655 NEWLINE https://access.redhat.com/security/cve/CVE-2022-25881 NEWLINE https://bugzilla.redhat.com/2165824 NEWLINE https://bugzilla.redhat.com/2168631 NEWLINE https://bugzilla.redhat.com/2171935 NEWLINE https://bugzilla.redhat.com/2172190 NEWLINE https://bugzilla.redhat.com/2172204 NEWLINE https://bugzilla.redhat.com/2172217 NEWLINE https://bugzilla.redhat.com/show_bug.cgi?id=2165824 NEWLINE https://bugzilla.redhat.com/show_bug.cgi?id=2168631 NEWLINE https://bugzilla.redhat.com/show_bug.cgi?id=2171935 NEWLINE https://bugzilla.redhat.com/show_bug.cgi?id=2172190 NEWLINE https://bugzilla.redhat.com/show_bug.cgi?id=2172204 NEWLINE https://bugzilla.redhat.com/show_bug.cgi?id=2172217 NEWLINE https://bugzilla.redhat.com/show_bug.cgi?id=2178076 NEWLINE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25881 NEWLINE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4904 NEWLINE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23918 NEWLINE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920 NEWLINE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23936 NEWLINE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24807 NEWLINE https://errata.almalinux.org/9/ALSA-2023-2655.html NEWLINE https://errata.rockylinux.org/RLSA-2023:2655 NEWLINE https://github.com/kornelski/http-cache-semantics NEWLINE https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83 NEWLINE https://github.com/kornelski/http-cache-semantics/commit/560b2d8ef452bbba20ffed69dc155d63ac757b74 NEWLINE https://linux.oracle.com/cve/CVE-2022-25881.html NEWLINE 
https://linux.oracle.com/errata/ELSA-2023-2655.html NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2022-25881 NEWLINE https://security.netapp.com/advisory/ntap-20230622-0008 NEWLINE https://security.netapp.com/advisory/ntap-20230622-0008/ NEWLINE https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332 NEWLINE https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783 NEWLINE https://www.cve.org/CVERecord?id=CVE-2022-25881,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2022-25881 HTTP-Cache-Semantics 3.8.1,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2022-25881, +True,ip,2.0.1,2025-11-03 13:39:12.617497+00:00,CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H,8.1,,,918,2025-11-03,,,"node-ip: Incomplete fix for CVE-2023-42282 NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** NEWLINE NEWLINE The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282. 
NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/ip/package.json,,False,False,,False,,095bbcab1d8ca926b2c9546a5fb3445d4381be03eb8f1f07dd0c96ccab7a9357,1141,affected,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.617478+00:00,,,,,,,S1,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2024-29415 NEWLINE https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html NEWLINE https://github.com/indutny/node-ip NEWLINE https://github.com/indutny/node-ip/issues/150 NEWLINE https://github.com/indutny/node-ip/pull/143 NEWLINE https://github.com/indutny/node-ip/pull/144 NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2024-29415 NEWLINE https://security.netapp.com/advisory/ntap-20250117-0010 NEWLINE https://security.netapp.com/advisory/ntap-20250117-0010/ NEWLINE https://www.cve.org/CVERecord?id=CVE-2024-29415,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2024-29415 Ip 2.0.1,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2024-29415, +True,socket.io,3.1.2,2025-11-03 13:39:12.890097+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L,7.3,,,20,2025-11-03,,,"socket.io: Unhandled 'error' event NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 2.5.1, 4.6.2 NEWLINE NEWLINE Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit `15af22fc22` which has been included in `socket.io@4.6.2` (released in May 2023). The fix was backported in the 2.x branch as well with commit `d30630ba10`. Users are advised to upgrade. Users unable to upgrade may attach a listener for the ""error"" event to catch these errors. 
NEWLINE NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/socket.io/package.json,,True,False,,False,,2540c2c09290e039815536da731166d36b1301a75bae06043cef33db9de245a1,1179,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.890079+00:00,,,,,"2.5.1, 4.6.2",,S1,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2024-38355 NEWLINE https://github.com/socketio/socket.io NEWLINE https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115 NEWLINE https://github.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c NEWLINE https://github.com/socketio/socket.io/security/advisories/GHSA-25hc-qcg6-38wj NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2024-38355 NEWLINE https://www.cve.org/CVERecord?id=CVE-2024-38355 NEWLINE https://www.vicarius.io/vsociety/posts/unhandled-exception-in-socketio-cve-2024-38355,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2024-38355 socket.io 3.1.2,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2024-38355, +True,socket.io-parser,4.0.5,2025-11-03 13:39:12.897020+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L,7.3,,,20,2025-11-03,,,"socket.io parser is a socket.io encoder and decoder written in JavaScr ... NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 4.2.3, 3.4.3, 3.3.4 NEWLINE NEWLINE socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3. 
NEWLINE NEWLINE NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/socket.io-parser/package.json,,True,False,,False,,98ce9967e858684e41b627a0e70181bd495eb4eab63d3ce6618b1907136b1b03,1180,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.897002+00:00,,,,,"4.2.3, 3.4.3, 3.3.4",,S1,False,,,,,,,,False,https://github.com/socketio/socket.io-parser NEWLINE https://github.com/socketio/socket.io-parser/commit/1c220ddbf45ea4b44bc8dbf6f9ae245f672ba1b9 NEWLINE https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced NEWLINE https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3 NEWLINE https://github.com/socketio/socket.io-parser/commit/ee006607495eca4ec7262ad080dd3a91439a5ba4 NEWLINE https://github.com/socketio/socket.io-parser/releases/tag/4.2.3 NEWLINE https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9 NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2023-32695,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2023-32695 socket.io-parser 4.0.5,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2023-32695, +True,jsonwebtoken,0.1.0,2025-11-03 13:39:12.631889+00:00,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N,8.1,,,327,2025-11-03,,,"jsonwebtoken: Unrestricted key type could lead to legacy keys usagen NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 9.0.0 NEWLINE NEWLINE Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. 
This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions. NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json,,True,False,,False,,6f3dfc185629e8776a771b457a4512c2368ac2ffd1ac30190e791b23ed9a0968,1143,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.631870+00:00,,,,,9.0.0,,S1,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2022-23539 NEWLINE https://github.com/auth0/node-jsonwebtoken NEWLINE https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 NEWLINE https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33 NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2022-23539 NEWLINE https://security.netapp.com/advisory/ntap-20240621-0007 NEWLINE https://security.netapp.com/advisory/ntap-20240621-0007/ NEWLINE https://www.cve.org/CVERecord?id=CVE-2022-23539,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2022-23539 Jsonwebtoken 0.1.0,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2022-23539, +True,tar-fs,2.1.3,2025-11-03 13:39:12.910529+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N,7.5,,,22,2025-11-03,,,"tar-fs: tar-fs symlink validation bypass NEWLINE **Target:** Node.js NEWLINE **Type:** node-pkg NEWLINE **Fixed version:** 3.1.1, 2.1.4, 1.16.6 NEWLINE NEWLINE tar-fs provides filesystem bindings for tar-stream. 
Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories. NEWLINE ",False,,,False,,,,False,juice-shop/node_modules/tar-fs/package.json,,True,False,,False,,72344e9bebce8d798e4ea2a5a3e51a72cd00ccd5dd078caa8fbcc4f71eb6702c,1182,fixed,False,,False,2025-11-03 13:39:12.388019+00:00,Admin User (admin),1,2025-11-03 13:39:12.910510+00:00,,,,,"3.1.1, 2.1.4, 1.16.6",,S1,False,,,,,,,,False,https://access.redhat.com/security/cve/CVE-2025-59343 NEWLINE https://github.com/mafintosh/tar-fs NEWLINE https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09 NEWLINE https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v NEWLINE https://nvd.nist.gov/vuln/detail/CVE-2025-59343 NEWLINE https://www.cve.org/CVERecord?id=CVE-2025-59343,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-03,2025-12-03,,,,True,,Trivy Scan,33,0,CVE-2025-59343 Tar-Fs 2.1.3,False,False,,,True,,,,Trivy Scan,1,Labs Security Testing,1,Juice Shop,,CVE-2025-59343, +True,sanitize-html,1.4.2,2025-11-03 13:39:13.889530+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N,6.1,,,0,2025-11-03,,,**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Cross-Site Scripting in sanitize-html NEWLINE **Related Vulnerability Description:** sanitize-html before 1.4.3 has XSS. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/sanitize-html@1.4.2,False,,,False,,0.55211,0.00328,False,/juice-shop/node_modules/sanitize-html/package.json,,,False,,False,,af68ade14bd898793d4c01ab389ecb10c4be106ae826b67f1387a3839fe8341f,1229,,False,,False,2025-11-03 13:39:13.691142+00:00,Admin User (admin),1,2025-11-03 13:39:13.889512+00:00,,,,,Upgrade to version: 1.4.3,1,S2,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-3j7m-hmh3-9jmp NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2016-1000237 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://nodesecurity.io/advisories/135 NEWLINE - https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000237.json NEWLINE - https://nodesecurity.io/advisories/135 NEWLINE - https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000237.json,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-01,2026-02-01,,,,True,,Anchore Grype,35,0,GHSA-3j7m-hmh3-9jmp in sanitize-html:1.4.2,False,False,,,False,,GHSA-3j7m-hmh3-9jmp,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-3j7m-hmh3-9jmp; CVE-2016-1000237, +True,,,2025-11-03 13:39:12.161808+00:00,,,,,79,2025-11-03,,,"**Result message:** Detected a unquoted template variable as an attribute. If unquoted, a malicious actor could inject custom JavaScript handlers. To fix this, add quotes around the template expression, like this: ""{{ expr }}"". 
NEWLINE ",False,,,False,,,,False,/src/frontend/src/app/navbar/navbar.component.html,,,False,,False,,fbc2121d22e6d92272ae7ab2621272590d4c7ed87c1abb31fecf21e0dbf0ee65,1097,,False,,False,2025-11-03 13:39:12.050914+00:00,Admin User (admin),1,2025-11-03 13:39:12.161789+00:00,17,,,,,1,S2,False,,,,,,,,False,https://flask.palletsprojects.com/en/1.1.x/security/#cross-site-scripting-xss,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-01,2026-02-01,,,,True,,Semgrep JSON Report,32,0,generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var,False,False,,,False,,generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-03 13:39:12.167581+00:00,,,,,79,2025-11-03,,,"**Result message:** Detected a unquoted template variable as an attribute. If unquoted, a malicious actor could inject custom JavaScript handlers. To fix this, add quotes around the template expression, like this: ""{{ expr }}"". NEWLINE ",False,,,False,,,,False,/src/frontend/src/app/purchase-basket/purchase-basket.component.html,,,False,,False,,25ddc4aba2ab39b0f8b123aff5efde8dbf706a0a80234006894223b6362f28d2,1098,,False,,False,2025-11-03 13:39:12.050914+00:00,Admin User (admin),1,2025-11-03 13:39:12.167562+00:00,15,,,,,1,S2,False,,,,,,,,False,https://flask.palletsprojects.com/en/1.1.x/security/#cross-site-scripting-xss,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-01,2026-02-01,,,,True,,Semgrep JSON Report,32,0,generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var,False,False,,,False,,generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-03 13:39:12.172760+00:00,,,,,79,2025-11-03,,,"**Result message:** Detected a unquoted template variable as an attribute. If unquoted, a malicious actor could inject custom JavaScript handlers. 
To fix this, add quotes around the template expression, like this: ""{{ expr }}"". NEWLINE ",False,,,False,,,,False,/src/frontend/src/app/search-result/search-result.component.html,,,False,,False,,da4d380dafe7a95f30947b223244cb51a686574c7e816de2c6c0c88685619803,1099,,False,,False,2025-11-03 13:39:12.050914+00:00,Admin User (admin),1,2025-11-03 13:39:12.172742+00:00,40,,,,,1,S2,False,,,,,,,,False,https://flask.palletsprojects.com/en/1.1.x/security/#cross-site-scripting-xss,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-01,2026-02-01,,,,True,,Semgrep JSON Report,32,0,generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var,False,False,,,False,,generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-03 13:39:12.177953+00:00,,,,,798,2025-11-03,,,"**Result message:** A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). 
NEWLINE ",False,,,False,,,,False,/src/lib/insecurity.ts,,,False,,False,,336c04ba579d98f1cbd843dec07351d03b9ed6fe11f5c2642269dd2f2b597ca2,1100,,False,,False,2025-11-03 13:39:12.050914+00:00,Admin User (admin),1,2025-11-03 13:39:12.177934+00:00,56,,,,,1,S2,False,,,,,,,,False,https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-01,2026-02-01,,,,True,,Semgrep JSON Report,32,0,javascript.jsonwebtoken.security.jwt-hardcode.hardcoded-jwt-secret,False,False,,,False,,javascript.jsonwebtoken.security.jwt-hardcode.hardcoded-jwt-secret,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-03 13:39:12.182699+00:00,,,,,79,2025-11-03,,,**Result message:** User data flows into the host portion of this manually-constructed HTML. This can introduce a Cross-Site-Scripting (XSS) vulnerability if this comes from user-provided input. Consider using a sanitization library such as DOMPurify to sanitize the HTML within. NEWLINE ,False,,,False,,,,False,/src/routes/chatbot.ts,,,False,,False,,2da08eee2cae8d5a4c40ff22ebd6e1b771acf48bbab5635c2facc17ad30aff2e,1101,,False,,False,2025-11-03 13:39:12.050914+00:00,Admin User (admin),1,2025-11-03 13:39:12.182681+00:00,197,,,,,1,S2,False,,,,,,,,False,https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-01,2026-02-01,,,,True,,Semgrep JSON Report,32,0,javascript.express.security.injection.raw-html-format.raw-html-format,False,False,,,False,,javascript.express.security.injection.raw-html-format.raw-html-format,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-03 13:39:12.187592+00:00,,,,,73,2025-11-03,,,"**Result message:** The application processes user-input, this is passed to res.sendFile which can allow an attacker to arbitrarily read files on the system through path traversal. 
It is recommended to perform input validation in addition to canonicalizing the path. This allows you to validate the path against the intended directory it should be accessing. NEWLINE ",False,,,False,,,,False,/src/routes/fileServer.ts,,,False,,False,,730127e56b626e43913d00326470199b3fe58308c46ed1f752cdcf55116f0924,1102,,False,,False,2025-11-03 13:39:12.050914+00:00,Admin User (admin),1,2025-11-03 13:39:12.187574+00:00,33,,,,,1,S2,False,,,,,,,,False,https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-01,2026-02-01,,,,True,,Semgrep JSON Report,32,0,javascript.express.security.audit.express-res-sendfile.express-res-sendfile,False,False,,,False,,javascript.express.security.audit.express-res-sendfile.express-res-sendfile,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-03 13:39:12.192776+00:00,,,,,73,2025-11-03,,,"**Result message:** The application processes user-input, this is passed to res.sendFile which can allow an attacker to arbitrarily read files on the system through path traversal. It is recommended to perform input validation in addition to canonicalizing the path. This allows you to validate the path against the intended directory it should be accessing. 
NEWLINE ",False,,,False,,,,False,/src/routes/keyServer.ts,,,False,,False,,4dc4ded60b0a833d49b01c2aa3ed19e1d3d800efc8c4951d7e22c61af3182247,1103,,False,,False,2025-11-03 13:39:12.050914+00:00,Admin User (admin),1,2025-11-03 13:39:12.192759+00:00,14,,,,,1,S2,False,,,,,,,,False,https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-01,2026-02-01,,,,True,,Semgrep JSON Report,32,0,javascript.express.security.audit.express-res-sendfile.express-res-sendfile,False,False,,,False,,javascript.express.security.audit.express-res-sendfile.express-res-sendfile,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-03 13:39:12.197883+00:00,,,,,73,2025-11-03,,,"**Result message:** The application processes user-input, this is passed to res.sendFile which can allow an attacker to arbitrarily read files on the system through path traversal. It is recommended to perform input validation in addition to canonicalizing the path. This allows you to validate the path against the intended directory it should be accessing. 
NEWLINE ",False,,,False,,,,False,/src/routes/logfileServer.ts,,,False,,False,,b3ca11f8dac4967975a1496a32c7d38dd9dd5a0c04f35c04c32c2c28ae9a6223,1104,,False,,False,2025-11-03 13:39:12.050914+00:00,Admin User (admin),1,2025-11-03 13:39:12.197864+00:00,14,,,,,1,S2,False,,,,,,,,False,https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-01,2026-02-01,,,,True,,Semgrep JSON Report,32,0,javascript.express.security.audit.express-res-sendfile.express-res-sendfile,False,False,,,False,,javascript.express.security.audit.express-res-sendfile.express-res-sendfile,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-03 13:39:12.207778+00:00,,,,,73,2025-11-03,,,"**Result message:** The application processes user-input, this is passed to res.sendFile which can allow an attacker to arbitrarily read files on the system through path traversal. It is recommended to perform input validation in addition to canonicalizing the path. This allows you to validate the path against the intended directory it should be accessing. NEWLINE ",False,,,False,,,,False,/src/routes/quarantineServer.ts,,,False,,False,,7b377f19cbc2f96c874065754ed333f0c1da7f5c030cd6b6c2ffedf6c5f26cff,1106,,False,,False,2025-11-03 13:39:12.050914+00:00,Admin User (admin),1,2025-11-03 13:39:12.207760+00:00,14,,,,,1,S2,False,,,,,,,,False,https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-01,2026-02-01,,,,True,,Semgrep JSON Report,32,0,javascript.express.security.audit.express-res-sendfile.express-res-sendfile,False,False,,,False,,javascript.express.security.audit.express-res-sendfile.express-res-sendfile,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-03 13:39:12.212958+00:00,,,,,601,2025-11-03,,,"**Result message:** It looks like 'toUrl' is read from user input and it is used to as a redirect. 
Ensure 'toUrl' is not externally controlled, otherwise this is an open redirect. NEWLINE ",False,,,False,,,,False,/src/routes/redirect.ts,,,False,,False,,6d87215e82bf602b7db608e037398fa9328dfbf4fa4634ca81ab65f9bbc56a35,1107,,False,,False,2025-11-03 13:39:12.050914+00:00,Admin User (admin),1,2025-11-03 13:39:12.212940+00:00,19,,,,,1,S2,False,,,,,,,,False,https://owasp.org/Top10/A01_2021-Broken_Access_Control,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-01,2026-02-01,,,,True,,Semgrep JSON Report,32,0,javascript.express.security.audit.possible-user-input-redirect.unknown-value-in-redirect,False,False,,,False,,javascript.express.security.audit.possible-user-input-redirect.unknown-value-in-redirect,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-03 13:39:12.217994+00:00,,,,,601,2025-11-03,,,"**Result message:** The application redirects to a URL specified by user-supplied input `query` that is not validated. This could redirect users to malicious locations. Consider using an allow-list approach to validate URLs, or warn users they are being redirected to a third-party website. 
NEWLINE ",False,,,False,,,,False,/src/routes/redirect.ts,,,False,,False,,a07b144e5ae8c6f65c5a69b2fc91dd3a60f6bc861168ae8f5d4ce874c5e63d3a,1108,,False,,False,2025-11-03 13:39:12.050914+00:00,Admin User (admin),1,2025-11-03 13:39:12.217972+00:00,19,,,,,1,S2,False,,,,,,,,False,https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-01,2026-02-01,,,,True,,Semgrep JSON Report,32,0,javascript.express.security.audit.express-open-redirect.express-open-redirect,False,False,,,False,,javascript.express.security.audit.express-open-redirect.express-open-redirect,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-03 13:39:12.233042+00:00,,,,,79,2025-11-03,,,"**Result message:** Cannot determine what 'subs' is and it is used with a '", + "otherinfo": "" + }, + { + "id": "31", + "uri": "http://localhost:3000", + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "2", + "uri": "http://localhost:3000/", + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "3", + "uri": "http://localhost:3000/", + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "92", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13", + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "95", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13", + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + 
"otherinfo": "" + }, + { + "id": "94", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:280:10", + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "97", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:280:10", + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "93", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:328:13", + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "96", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:328:13", + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "90", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:365:14", + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "91", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:365:14", + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "27", + "uri": "http://localhost:3000/sitemap.xml", + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "30", + "uri": "http://localhost:3000/sitemap.xml", + "method": "GET", + "param": 
"//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + } + ], + "count": "14", + "solution": "

Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.

", + "otherinfo": "", + "reference": "", + "cweid": "829", + "wascid": "15", + "sourceid": "10" + }, + { + "pluginid": "10110", + "alertRef": "10110", + "alert": "Dangerous JS Functions", + "name": "Dangerous JS Functions", + "riskcode": "1", + "confidence": "1", + "riskdesc": "Low (Low)", + "desc": "

A dangerous JS function seems to be in use that would leave the site vulnerable.

", + "instances":[ + { + "id": "63", + "uri": "http://localhost:3000/main.js", + "method": "GET", + "param": "", + "attack": "", + "evidence": "bypassSecurityTrustHtml(", + "otherinfo": "" + }, + { + "id": "68", + "uri": "http://localhost:3000/vendor.js", + "method": "GET", + "param": "", + "attack": "", + "evidence": "bypassSecurityTrustHtml(", + "otherinfo": "" + } + ], + "count": "2", + "solution": "

See the references for security advice on the use of these functions.

", + "otherinfo": "", + "reference": "

https://v17.angular.io/guide/security

", + "cweid": "749", + "wascid": "-1", + "sourceid": "21" + }, + { + "pluginid": "10063", + "alertRef": "10063-2", + "alert": "Deprecated Feature Policy Header Set", + "name": "Deprecated Feature Policy Header Set", + "riskcode": "1", + "confidence": "2", + "riskdesc": "Low (Medium)", + "desc": "

The header has now been renamed to Permissions-Policy.

", + "instances":[ + { + "id": "54", + "uri": "http://localhost:3000", + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "9", + "uri": "http://localhost:3000/", + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "82", + "uri": "http://localhost:3000/ftp/coupons_2013.md.bak", + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "85", + "uri": "http://localhost:3000/ftp/eastere.gg", + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "84", + "uri": "http://localhost:3000/ftp/encrypt.pyc", + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "83", + "uri": "http://localhost:3000/ftp/package.json.bak", + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "64", + "uri": "http://localhost:3000/main.js", + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "32", + "uri": "http://localhost:3000/polyfills.js", + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "19", + "uri": "http://localhost:3000/runtime.js", + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "51", + "uri": "http://localhost:3000/sitemap.xml", + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "69", + "uri": "http://localhost:3000/vendor.js", + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + } + ], + "count": "11", + "solution": "

Ensure that your web server, application server, load balancer, etc. is configured to set the Permissions-Policy header instead of the Feature-Policy header.

", + "otherinfo": "", + "reference": "

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy

https://scotthelme.co.uk/goodbye-feature-policy-and-hello-permissions-policy/

", + "cweid": "16", + "wascid": "15", + "sourceid": "10" + }, + { + "pluginid": "90004", + "alertRef": "90004-2", + "alert": "Insufficient Site Isolation Against Spectre Vulnerability", + "name": "Insufficient Site Isolation Against Spectre Vulnerability", + "riskcode": "1", + "confidence": "2", + "riskdesc": "Low (Medium)", + "desc": "

Cross-Origin-Embedder-Policy header is a response header that prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS).

", + "instances":[ + { + "id": "55", + "uri": "http://localhost:3000", + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "10", + "uri": "http://localhost:3000/", + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "86", + "uri": "http://localhost:3000/ftp", + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "100", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:365:14", + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "56", + "uri": "http://localhost:3000/sitemap.xml", + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "58", + "uri": "http://localhost:3000", + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "11", + "uri": "http://localhost:3000/", + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "87", + "uri": "http://localhost:3000/ftp", + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "101", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:365:14", + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "57", + "uri": "http://localhost:3000/sitemap.xml", + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + } + ], + "count": "10", + "solution": "

Ensure that the application/web server sets the Cross-Origin-Embedder-Policy header appropriately, and that it sets the Cross-Origin-Embedder-Policy header to 'require-corp' for documents.

If possible, ensure that the end user uses a standards-compliant and modern web browser that supports the Cross-Origin-Embedder-Policy header (https://caniuse.com/mdn-http_headers_cross-origin-embedder-policy).

", + "otherinfo": "", + "reference": "

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy

", + "cweid": "693", + "wascid": "14", + "sourceid": "10" + }, + { + "pluginid": "10096", + "alertRef": "10096", + "alert": "Timestamp Disclosure - Unix", + "name": "Timestamp Disclosure - Unix", + "riskcode": "1", + "confidence": "1", + "riskdesc": "Low (Low)", + "desc": "

A timestamp was disclosed by the application/web server. - Unix

", + "instances":[ + { + "id": "38", + "uri": "http://localhost:3000", + "method": "GET", + "param": "", + "attack": "", + "evidence": "1650485437", + "otherinfo": "1650485437, which evaluates to: 2022-04-20 20:10:37." + }, + { + "id": "42", + "uri": "http://localhost:3000", + "method": "GET", + "param": "", + "attack": "", + "evidence": "1981395349", + "otherinfo": "1981395349, which evaluates to: 2032-10-14 19:35:49." + }, + { + "id": "40", + "uri": "http://localhost:3000", + "method": "GET", + "param": "", + "attack": "", + "evidence": "2038834951", + "otherinfo": "2038834951, which evaluates to: 2034-08-10 15:02:31." + }, + { + "id": "5", + "uri": "http://localhost:3000/", + "method": "GET", + "param": "", + "attack": "", + "evidence": "1650485437", + "otherinfo": "1650485437, which evaluates to: 2022-04-20 20:10:37." + }, + { + "id": "7", + "uri": "http://localhost:3000/", + "method": "GET", + "param": "", + "attack": "", + "evidence": "1981395349", + "otherinfo": "1981395349, which evaluates to: 2032-10-14 19:35:49." + }, + { + "id": "6", + "uri": "http://localhost:3000/", + "method": "GET", + "param": "", + "attack": "", + "evidence": "2038834951", + "otherinfo": "2038834951, which evaluates to: 2034-08-10 15:02:31." + }, + { + "id": "44", + "uri": "http://localhost:3000/sitemap.xml", + "method": "GET", + "param": "", + "attack": "", + "evidence": "1650485437", + "otherinfo": "1650485437, which evaluates to: 2022-04-20 20:10:37." + }, + { + "id": "46", + "uri": "http://localhost:3000/sitemap.xml", + "method": "GET", + "param": "", + "attack": "", + "evidence": "1981395349", + "otherinfo": "1981395349, which evaluates to: 2032-10-14 19:35:49." + }, + { + "id": "45", + "uri": "http://localhost:3000/sitemap.xml", + "method": "GET", + "param": "", + "attack": "", + "evidence": "2038834951", + "otherinfo": "2038834951, which evaluates to: 2034-08-10 15:02:31." + } + ], + "count": "9", + "solution": "

Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.

", + "otherinfo": "

1650485437, which evaluates to: 2022-04-20 20:10:37.

", + "reference": "

https://cwe.mitre.org/data/definitions/200.html

", + "cweid": "497", + "wascid": "13", + "sourceid": "10" + }, + { + "pluginid": "10027", + "alertRef": "10027", + "alert": "Information Disclosure - Suspicious Comments", + "name": "Information Disclosure - Suspicious Comments", + "riskcode": "0", + "confidence": "1", + "riskdesc": "Informational (Low)", + "desc": "

The response appears to contain suspicious comments which may help an attacker.

", + "instances":[ + { + "id": "61", + "uri": "http://localhost:3000/main.js", + "method": "GET", + "param": "", + "attack": "", + "evidence": "query", + "otherinfo": "The following pattern was used: \\bQUERY\\b and was detected in likely comment: \"//owasp.org' target='_blank'>Open Worldwide Application Security Project (OWASP) and is developed and maintained by voluntee\", see evidence field for the suspicious comment/snippet." + }, + { + "id": "66", + "uri": "http://localhost:3000/vendor.js", + "method": "GET", + "param": "", + "attack": "", + "evidence": "Query", + "otherinfo": "The following pattern was used: \\bQUERY\\b and was detected in likely comment: \"//www.w3.org/2000/svg\" viewBox=\"0 0 512 512\">Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.

", + "otherinfo": "

The following pattern was used: \\bQUERY\\b and was detected in likely comment: \"//owasp.org' target='_blank'>Open Worldwide Application Security Project (OWASP) and is developed and maintained by voluntee\", see evidence field for the suspicious comment/snippet.

", + "reference": "", + "cweid": "615", + "wascid": "13", + "sourceid": "21" + }, + { + "pluginid": "10109", + "alertRef": "10109", + "alert": "Modern Web Application", + "name": "Modern Web Application", + "riskcode": "0", + "confidence": "2", + "riskdesc": "Informational (Medium)", + "desc": "

The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.

", + "instances":[ + { + "id": "36", + "uri": "http://localhost:3000", + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "4", + "uri": "http://localhost:3000/", + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "105", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13", + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "104", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:59:18", + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "99", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:280:10", + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "106", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:286:9", + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." 
+ }, + { + "id": "102", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:328:13", + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "98", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:365:14", + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "103", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:376:14", + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "107", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:421:3", + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "37", + "uri": "http://localhost:3000/sitemap.xml", + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + } + ], + "count": "11", + "solution": "

This is an informational alert and so no changes are required.

", + "otherinfo": "

No links have been found while there are scripts, which is an indication that this is a modern web application.

", + "reference": "", + "cweid": "-1", + "wascid": "-1", + "sourceid": "10" + }, + { + "pluginid": "10049", + "alertRef": "10049-3", + "alert": "Storable and Cacheable Content", + "name": "Storable and Cacheable Content", + "riskcode": "0", + "confidence": "2", + "riskdesc": "Informational (Medium)", + "desc": "

The response contents are storable by caching components such as proxy servers, and may be retrieved directly from the cache, rather than from the origin server by the caching servers, in response to similar requests from other users. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where \"shared\" caching servers such as \"proxy\" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.

", + "instances":[ + { + "id": "13", + "uri": "http://localhost:3000/robots.txt", + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "In the absence of an explicitly specified caching lifetime directive in the response, a liberal lifetime heuristic of 1 year was assumed. This is permitted by rfc7234." + } + ], + "count": "1", + "solution": "

Validate that the response does not contain sensitive, personal or user-specific information. If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:

Cache-Control: no-cache, no-store, must-revalidate, private

Pragma: no-cache

Expires: 0

This configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.

", + "otherinfo": "

In the absence of an explicitly specified caching lifetime directive in the response, a liberal lifetime heuristic of 1 year was assumed. This is permitted by rfc7234.

", + "reference": "

https://datatracker.ietf.org/doc/html/rfc7234

https://datatracker.ietf.org/doc/html/rfc7231

https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html

", + "cweid": "524", + "wascid": "13", + "sourceid": "7" + }, + { + "pluginid": "10049", + "alertRef": "10049-2", + "alert": "Storable but Non-Cacheable Content", + "name": "Storable but Non-Cacheable Content", + "riskcode": "0", + "confidence": "2", + "riskdesc": "Informational (Medium)", + "desc": "

The response contents are storable by caching components such as proxy servers, but will not be retrieved directly from the cache, without validating the request upstream, in response to similar requests from other users.

", + "instances":[ + { + "id": "47", + "uri": "http://localhost:3000", + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "8", + "uri": "http://localhost:3000/", + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "17", + "uri": "http://localhost:3000/assets/public/favicon_js.ico", + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "76", + "uri": "http://localhost:3000/ftp/acquisitions.md", + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "80", + "uri": "http://localhost:3000/ftp/incident-support.kdbx", + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "62", + "uri": "http://localhost:3000/main.js", + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "22", + "uri": "http://localhost:3000/polyfills.js", + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "18", + "uri": "http://localhost:3000/runtime.js", + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "49", + "uri": "http://localhost:3000/sitemap.xml", + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "59", + "uri": "http://localhost:3000/styles.css", + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "67", + "uri": "http://localhost:3000/vendor.js", + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + } + ], + "count": "11", + "solution": "", + "otherinfo": "", + "reference": "

https://datatracker.ietf.org/doc/html/rfc7234

https://datatracker.ietf.org/doc/html/rfc7231

https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html

", + "cweid": "524", + "wascid": "13", + "sourceid": "10" + }, + { + "pluginid": "10104", + "alertRef": "10104", + "alert": "User Agent Fuzzer", + "name": "User Agent Fuzzer", + "riskcode": "0", + "confidence": "2", + "riskdesc": "Informational (Medium)", + "desc": "

Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.

", + "instances":[ + { + "id": "112", + "uri": "http://localhost:3000/assets", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "110", + "uri": "http://localhost:3000/assets", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "108", + "uri": "http://localhost:3000/assets", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "114", + "uri": "http://localhost:3000/assets", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko", + "evidence": "", + "otherinfo": "" + }, + { + "id": "116", + "uri": "http://localhost:3000/assets", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0", + "evidence": "", + "otherinfo": "" + }, + { + "id": "130", + "uri": "http://localhost:3000/assets", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36", + "evidence": "", + "otherinfo": "" + }, + { + "id": "128", + "uri": "http://localhost:3000/assets", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0", + "evidence": "", + "otherinfo": "" + }, + { + "id": "118", + "uri": "http://localhost:3000/assets", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "122", + "uri": 
"http://localhost:3000/assets", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "126", + "uri": "http://localhost:3000/assets", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4", + "evidence": "", + "otherinfo": "" + }, + { + "id": "124", + "uri": "http://localhost:3000/assets", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16", + "evidence": "", + "otherinfo": "" + }, + { + "id": "120", + "uri": "http://localhost:3000/assets", + "method": "GET", + "param": "Header User-Agent", + "attack": "msnbot/1.1 (+http://search.msn.com/msnbot.htm)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "113", + "uri": "http://localhost:3000/assets/public", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "111", + "uri": "http://localhost:3000/assets/public", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "109", + "uri": "http://localhost:3000/assets/public", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "115", + "uri": "http://localhost:3000/assets/public", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko", + "evidence": "", + "otherinfo": "" + }, + { + "id": "117", + "uri": 
"http://localhost:3000/assets/public", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0", + "evidence": "", + "otherinfo": "" + }, + { + "id": "131", + "uri": "http://localhost:3000/assets/public", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36", + "evidence": "", + "otherinfo": "" + }, + { + "id": "129", + "uri": "http://localhost:3000/assets/public", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0", + "evidence": "", + "otherinfo": "" + }, + { + "id": "119", + "uri": "http://localhost:3000/assets/public", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "123", + "uri": "http://localhost:3000/assets/public", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)", + "evidence": "", + "otherinfo": "" + }, + { + "id": "127", + "uri": "http://localhost:3000/assets/public", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4", + "evidence": "", + "otherinfo": "" + }, + { + "id": "125", + "uri": "http://localhost:3000/assets/public", + "method": "GET", + "param": "Header User-Agent", + "attack": "Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16", + "evidence": "", + "otherinfo": "" + }, + { + "id": "121", + "uri": "http://localhost:3000/assets/public", + "method": "GET", + "param": "Header User-Agent", + "attack": "msnbot/1.1 (+http://search.msn.com/msnbot.htm)", + "evidence": "", + "otherinfo": "" + } + ], + "count": "24", + "solution": "", + "otherinfo": "", + "reference": "

https://owasp.org/wstg

", + "cweid": "0", + "wascid": "0", + "sourceid": "1880" + } + ] + } + ], + "sequences":[ + ] + +} diff --git a/labs/lab5/zap/zap-report-noauth.xml b/labs/lab5/zap/zap-report-noauth.xml new file mode 100644 index 00000000..e0a8f2c9 --- /dev/null +++ b/labs/lab5/zap/zap-report-noauth.xml 
@@ -0,0 +1,2004 @@ + + + <@programName>ZAP + <@version>2.16.1 + <@generated>Mon, 29 Sept 2025 13:57:45 + 2025-09-29T13:57:45.393340259Z + + <@name>https://localhost:3000 + <@host>localhost + <@port>3000 + <@ssl>true + + + + <@name>http://localhost:3000 + <@host>localhost + <@port>3000 + <@ssl>false + + 10095 + 10095 + Backup File Disclosure + Backup File Disclosure + 2 + 2 + Medium (Medium) + <p>A backup of the file was disclosed by the web server.</p> + + 143 + http://localhost:3000/ftp/quarantine%20-%20Copy + GET + + + http://localhost:3000/ftp/quarantine%20-%20Copy + + + A backup of [http://localhost:3000/ftp/quarantine] is available at [http://localhost:3000/ftp/quarantine%20-%20Copy] + + + 144 + http://localhost:3000/ftp/quarantine%20-%20Copy%20(2) + GET + + + http://localhost:3000/ftp/quarantine%20-%20Copy%20(2) + + + A backup of [http://localhost:3000/ftp/quarantine] is available at [http://localhost:3000/ftp/quarantine%20-%20Copy%20(2)] + + + 152 + http://localhost:3000/ftp/quarantine%20-%20Copy%20(2)/juicy_malware_linux_amd_64.url + GET + + + http://localhost:3000/ftp/quarantine%20-%20Copy%20(2)/juicy_malware_linux_amd_64.url + + + A backup of [http://localhost:3000/ftp/quarantine/juicy_malware_linux_amd_64.url] is available at [http://localhost:3000/ftp/quarantine%20-%20Copy%20(2)/juicy_malware_linux_amd_64.url] + + + 148 + http://localhost:3000/ftp/quarantine%20-%20Copy%20(2)/juicy_malware_linux_arm_64.url + GET + + + http://localhost:3000/ftp/quarantine%20-%20Copy%20(2)/juicy_malware_linux_arm_64.url + + + A backup of [http://localhost:3000/ftp/quarantine/juicy_malware_linux_arm_64.url] is available at [http://localhost:3000/ftp/quarantine%20-%20Copy%20(2)/juicy_malware_linux_arm_64.url] + + + 156 + http://localhost:3000/ftp/quarantine%20-%20Copy%20(2)/juicy_malware_macos_64.url + GET + + + http://localhost:3000/ftp/quarantine%20-%20Copy%20(2)/juicy_malware_macos_64.url + + + A backup of [http://localhost:3000/ftp/quarantine/juicy_malware_macos_64.url] 
is available at [http://localhost:3000/ftp/quarantine%20-%20Copy%20(2)/juicy_malware_macos_64.url] + + + 160 + http://localhost:3000/ftp/quarantine%20-%20Copy%20(2)/juicy_malware_windows_64.exe.url + GET + + + http://localhost:3000/ftp/quarantine%20-%20Copy%20(2)/juicy_malware_windows_64.exe.url + + + A backup of [http://localhost:3000/ftp/quarantine/juicy_malware_windows_64.exe.url] is available at [http://localhost:3000/ftp/quarantine%20-%20Copy%20(2)/juicy_malware_windows_64.exe.url] + + + 145 + http://localhost:3000/ftp/quarantine%20-%20Copy%20(3) + GET + + + http://localhost:3000/ftp/quarantine%20-%20Copy%20(3) + + + A backup of [http://localhost:3000/ftp/quarantine] is available at [http://localhost:3000/ftp/quarantine%20-%20Copy%20(3)] + + + 153 + http://localhost:3000/ftp/quarantine%20-%20Copy%20(3)/juicy_malware_linux_amd_64.url + GET + + + http://localhost:3000/ftp/quarantine%20-%20Copy%20(3)/juicy_malware_linux_amd_64.url + + + A backup of [http://localhost:3000/ftp/quarantine/juicy_malware_linux_amd_64.url] is available at [http://localhost:3000/ftp/quarantine%20-%20Copy%20(3)/juicy_malware_linux_amd_64.url] + + + 149 + http://localhost:3000/ftp/quarantine%20-%20Copy%20(3)/juicy_malware_linux_arm_64.url + GET + + + http://localhost:3000/ftp/quarantine%20-%20Copy%20(3)/juicy_malware_linux_arm_64.url + + + A backup of [http://localhost:3000/ftp/quarantine/juicy_malware_linux_arm_64.url] is available at [http://localhost:3000/ftp/quarantine%20-%20Copy%20(3)/juicy_malware_linux_arm_64.url] + + + 157 + http://localhost:3000/ftp/quarantine%20-%20Copy%20(3)/juicy_malware_macos_64.url + GET + + + http://localhost:3000/ftp/quarantine%20-%20Copy%20(3)/juicy_malware_macos_64.url + + + A backup of [http://localhost:3000/ftp/quarantine/juicy_malware_macos_64.url] is available at [http://localhost:3000/ftp/quarantine%20-%20Copy%20(3)/juicy_malware_macos_64.url] + + + 161 + http://localhost:3000/ftp/quarantine%20-%20Copy%20(3)/juicy_malware_windows_64.exe.url + GET + 
+ + http://localhost:3000/ftp/quarantine%20-%20Copy%20(3)/juicy_malware_windows_64.exe.url + + + A backup of [http://localhost:3000/ftp/quarantine/juicy_malware_windows_64.exe.url] is available at [http://localhost:3000/ftp/quarantine%20-%20Copy%20(3)/juicy_malware_windows_64.exe.url] + + + 150 + http://localhost:3000/ftp/quarantine%20-%20Copy/juicy_malware_linux_amd_64.url + GET + + + http://localhost:3000/ftp/quarantine%20-%20Copy/juicy_malware_linux_amd_64.url + + + A backup of [http://localhost:3000/ftp/quarantine/juicy_malware_linux_amd_64.url] is available at [http://localhost:3000/ftp/quarantine%20-%20Copy/juicy_malware_linux_amd_64.url] + + + 147 + http://localhost:3000/ftp/quarantine%20-%20Copy/juicy_malware_linux_arm_64.url + GET + + + http://localhost:3000/ftp/quarantine%20-%20Copy/juicy_malware_linux_arm_64.url + + + A backup of [http://localhost:3000/ftp/quarantine/juicy_malware_linux_arm_64.url] is available at [http://localhost:3000/ftp/quarantine%20-%20Copy/juicy_malware_linux_arm_64.url] + + + 155 + http://localhost:3000/ftp/quarantine%20-%20Copy/juicy_malware_macos_64.url + GET + + + http://localhost:3000/ftp/quarantine%20-%20Copy/juicy_malware_macos_64.url + + + A backup of [http://localhost:3000/ftp/quarantine/juicy_malware_macos_64.url] is available at [http://localhost:3000/ftp/quarantine%20-%20Copy/juicy_malware_macos_64.url] + + + 159 + http://localhost:3000/ftp/quarantine%20-%20Copy/juicy_malware_windows_64.exe.url + GET + + + http://localhost:3000/ftp/quarantine%20-%20Copy/juicy_malware_windows_64.exe.url + + + A backup of [http://localhost:3000/ftp/quarantine/juicy_malware_windows_64.exe.url] is available at [http://localhost:3000/ftp/quarantine%20-%20Copy/juicy_malware_windows_64.exe.url] + + + 134 + http://localhost:3000/ftp/quarantine.bac + GET + + + http://localhost:3000/ftp/quarantine.bac + + + A backup of [http://localhost:3000/ftp/quarantine] is available at [http://localhost:3000/ftp/quarantine.bac] + + + 133 + 
http://localhost:3000/ftp/quarantine.backup + GET + + + http://localhost:3000/ftp/quarantine.backup + + + A backup of [http://localhost:3000/ftp/quarantine] is available at [http://localhost:3000/ftp/quarantine.backup] + + + 132 + http://localhost:3000/ftp/quarantine.bak + GET + + + http://localhost:3000/ftp/quarantine.bak + + + A backup of [http://localhost:3000/ftp/quarantine] is available at [http://localhost:3000/ftp/quarantine.bak] + + + 137 + http://localhost:3000/ftp/quarantine.jar + GET + + + http://localhost:3000/ftp/quarantine.jar + + + A backup of [http://localhost:3000/ftp/quarantine] is available at [http://localhost:3000/ftp/quarantine.jar] + + + 138 + http://localhost:3000/ftp/quarantine.log + GET + + + http://localhost:3000/ftp/quarantine.log + + + A backup of [http://localhost:3000/ftp/quarantine] is available at [http://localhost:3000/ftp/quarantine.log] + + + 141 + http://localhost:3000/ftp/quarantine.old + GET + + + http://localhost:3000/ftp/quarantine.old + + + A backup of [http://localhost:3000/ftp/quarantine] is available at [http://localhost:3000/ftp/quarantine.old] + + + 139 + http://localhost:3000/ftp/quarantine.swp + GET + + + http://localhost:3000/ftp/quarantine.swp + + + A backup of [http://localhost:3000/ftp/quarantine] is available at [http://localhost:3000/ftp/quarantine.swp] + + + 136 + http://localhost:3000/ftp/quarantine.tar + GET + + + http://localhost:3000/ftp/quarantine.tar + + + A backup of [http://localhost:3000/ftp/quarantine] is available at [http://localhost:3000/ftp/quarantine.tar] + + + 135 + http://localhost:3000/ftp/quarantine.zip + GET + + + http://localhost:3000/ftp/quarantine.zip + + + A backup of [http://localhost:3000/ftp/quarantine] is available at [http://localhost:3000/ftp/quarantine.zip] + + + 142 + http://localhost:3000/ftp/quarantine.~bk + GET + + + http://localhost:3000/ftp/quarantine.~bk + + + A backup of [http://localhost:3000/ftp/quarantine] is available at [http://localhost:3000/ftp/quarantine.~bk] + + 
+ 146 + http://localhost:3000/ftp/quarantinebackup + GET + + + http://localhost:3000/ftp/quarantinebackup + + + A backup of [http://localhost:3000/ftp/quarantine] is available at [http://localhost:3000/ftp/quarantinebackup] + + + 154 + http://localhost:3000/ftp/quarantinebackup/juicy_malware_linux_amd_64.url + GET + + + http://localhost:3000/ftp/quarantinebackup/juicy_malware_linux_amd_64.url + + + A backup of [http://localhost:3000/ftp/quarantine/juicy_malware_linux_amd_64.url] is available at [http://localhost:3000/ftp/quarantinebackup/juicy_malware_linux_amd_64.url] + + + 151 + http://localhost:3000/ftp/quarantinebackup/juicy_malware_linux_arm_64.url + GET + + + http://localhost:3000/ftp/quarantinebackup/juicy_malware_linux_arm_64.url + + + A backup of [http://localhost:3000/ftp/quarantine/juicy_malware_linux_arm_64.url] is available at [http://localhost:3000/ftp/quarantinebackup/juicy_malware_linux_arm_64.url] + + + 158 + http://localhost:3000/ftp/quarantinebackup/juicy_malware_macos_64.url + GET + + + http://localhost:3000/ftp/quarantinebackup/juicy_malware_macos_64.url + + + A backup of [http://localhost:3000/ftp/quarantine/juicy_malware_macos_64.url] is available at [http://localhost:3000/ftp/quarantinebackup/juicy_malware_macos_64.url] + + + 162 + http://localhost:3000/ftp/quarantinebackup/juicy_malware_windows_64.exe.url + GET + + + http://localhost:3000/ftp/quarantinebackup/juicy_malware_windows_64.exe.url + + + A backup of [http://localhost:3000/ftp/quarantine/juicy_malware_windows_64.exe.url] is available at [http://localhost:3000/ftp/quarantinebackup/juicy_malware_windows_64.exe.url] + + + 140 + http://localhost:3000/ftp/quarantine~ + GET + + + http://localhost:3000/ftp/quarantine~ + + + A backup of [http://localhost:3000/ftp/quarantine] is available at [http://localhost:3000/ftp/quarantine~] + + 31 + <p>Do not edit files in-situ on the web server, and ensure that un-necessary files (including hidden files) are removed from the web server.</p> + <p>A 
backup of [http://localhost:3000/ftp/quarantine] is available at [http://localhost:3000/ftp/quarantine%20-%20Copy]</p> + <p>https://cwe.mitre.org/data/definitions/530.html</p><p>https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.html</p> + 530 + 34 + 4885 + + + 10038 + 10038-1 + Content Security Policy (CSP) Header Not Set + Content Security Policy (CSP) Header Not Set + 2 + 3 + Medium (High) + <p>Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.</p> + + 21 + http://localhost:3000 + GET + + + + + + + + + + + 0 + http://localhost:3000/ + GET + + + + + + + + + + + 78 + http://localhost:3000/ftp + GET + + + + + + + + + + + 71 + http://localhost:3000/ftp/coupons_2013.md.bak + GET + + + + + + + + + + + 70 + http://localhost:3000/ftp/eastere.gg + GET + + + + + + + + + + + 72 + http://localhost:3000/ftp/encrypt.pyc + GET + + + + + + + + + + + 79 + http://localhost:3000/ftp/package-lock.json.bak + GET + + + + + + + + + + + 77 + http://localhost:3000/ftp/package.json.bak + GET + + + + + + + + + + + 81 + http://localhost:3000/ftp/suspicious_errors.yml + GET + + + + + + + + + + + 89 + http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13 + GET + + + + + + + + + + + 88 + http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:365:14 + GET + + + + + + + + + 
+ + 23 + http://localhost:3000/sitemap.xml + GET + + + + + + + + + + 12 + <p>Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.</p> + + + <p>https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP</p><p>https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html</p><p>https://www.w3.org/TR/CSP/</p><p>https://w3c.github.io/webappsec-csp/</p><p>https://web.dev/articles/csp</p><p>https://caniuse.com/#feat=contentsecuritypolicy</p><p>https://content-security-policy.com/</p> + 693 + 15 + 10 + + + 10098 + 10098 + Cross-Domain Misconfiguration + Cross-Domain Misconfiguration + 2 + 2 + Medium (Medium) + <p>Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.</p> + + 24 + http://localhost:3000 + GET + + + + + Access-Control-Allow-Origin: * + The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. + + + 1 + http://localhost:3000/ + GET + + + + + Access-Control-Allow-Origin: * + The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. 
This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. + + + 15 + http://localhost:3000/assets/public/favicon_js.ico + GET + + + + + Access-Control-Allow-Origin: * + The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. + + + 74 + http://localhost:3000/ftp/acquisitions.md + GET + + + + + Access-Control-Allow-Origin: * + The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. + + + 73 + http://localhost:3000/ftp/eastere.gg + GET + + + + + Access-Control-Allow-Origin: * + The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. 
This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. + + + 75 + http://localhost:3000/ftp/incident-support.kdbx + GET + + + + + Access-Control-Allow-Origin: * + The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. + + + 60 + http://localhost:3000/main.js + GET + + + + + Access-Control-Allow-Origin: * + The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. + + + 20 + http://localhost:3000/polyfills.js + GET + + + + + Access-Control-Allow-Origin: * + The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. 
+ + + 12 + http://localhost:3000/robots.txt + GET + + + + + Access-Control-Allow-Origin: * + The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. + + + 14 + http://localhost:3000/runtime.js + GET + + + + + Access-Control-Allow-Origin: * + The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. + + + 26 + http://localhost:3000/sitemap.xml + GET + + + + + Access-Control-Allow-Origin: * + The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. 
+ + + 16 + http://localhost:3000/styles.css + GET + + + + + Access-Control-Allow-Origin: * + The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. + + + 65 + http://localhost:3000/vendor.js + GET + + + + + Access-Control-Allow-Origin: * + The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing. + + 13 + <p>Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).</p><p>Configure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.</p> + <p>The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. 
This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.</p> + <p>https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy</p> + 264 + 14 + 10 + + + 10106 + 10106 + HTTP Only Site + HTTP Only Site + 2 + 2 + Medium (Medium) + <p>The site is only served under HTTP and not HTTPS.</p> + + 163 + http://localhost:3000 + GET + + + + + + + Failed to connect. +ZAP attempted to connect via: https://localhost:3000 + + 1 + <p>Configure your web or application server to use SSL (https).</p> + <p>Failed to connect.</p><p>ZAP attempted to connect via: https://localhost:3000</p> + <p>https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html</p><p>https://letsencrypt.org/</p> + 311 + 4 + 7649 + + + 10017 + 10017 + Cross-Domain JavaScript Source File Inclusion + Cross-Domain JavaScript Source File Inclusion + 1 + 2 + Low (Medium) + <p>The page includes one or more script files from a third-party domain.</p> + + 29 + http://localhost:3000 + GET + //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js + + + <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> + + + + + 31 + http://localhost:3000 + GET + //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js + + + <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script> + + + + + 2 + http://localhost:3000/ + GET + //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js + + + <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> + + + + + 3 + http://localhost:3000/ + GET + //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js + + + <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script> + + + + + 92 + 
http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13 + GET + //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js + + + <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> + + + + + 95 + http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13 + GET + //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js + + + <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script> + + + + + 94 + http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:280:10 + GET + //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js + + + <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> + + + + + 97 + http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:280:10 + GET + //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js + + + <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script> + + + + + 93 + http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:328:13 + GET + //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js + + + <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> + + + + + 96 + http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:328:13 + GET + //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js + + + <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script> + + + + + 90 + http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:365:14 + GET + //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js + + + <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> + + + + + 91 + http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:365:14 + GET + 
//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js + + + <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script> + + + + + 27 + http://localhost:3000/sitemap.xml + GET + //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js + + + <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> + + + + + 30 + http://localhost:3000/sitemap.xml + GET + //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js + + + <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script> + + + + 14 + <p>Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.</p> + + + + + 829 + 15 + 10 + + + 10110 + 10110 + Dangerous JS Functions + Dangerous JS Functions + 1 + 1 + Low (Low) + <p>A dangerous JS function seems to be in use that would leave the site vulnerable.</p> + + 63 + http://localhost:3000/main.js + GET + + + + + bypassSecurityTrustHtml( + + + + + 68 + http://localhost:3000/vendor.js + GET + + + + + bypassSecurityTrustHtml( + + + + 2 + <p>See the references for security advice on the use of these functions.</p> + + + <p>https://v17.angular.io/guide/security</p> + 749 + -1 + 21 + + + 10063 + 10063-2 + Deprecated Feature Policy Header Set + Deprecated Feature Policy Header Set + 1 + 2 + Low (Medium) + <p>The header has now been renamed to Permissions-Policy.</p> + + 54 + http://localhost:3000 + GET + + + + + Feature-Policy + + + + + 9 + http://localhost:3000/ + GET + + + + + Feature-Policy + + + + + 82 + http://localhost:3000/ftp/coupons_2013.md.bak + GET + + + + + Feature-Policy + + + + + 85 + http://localhost:3000/ftp/eastere.gg + GET + + + + + Feature-Policy + + + + + 84 + http://localhost:3000/ftp/encrypt.pyc + GET + + + + + Feature-Policy + + + + + 83 + http://localhost:3000/ftp/package.json.bak + GET + + + + + Feature-Policy + + + + + 64 + http://localhost:3000/main.js + GET + + 
+ + + Feature-Policy + + + + + 32 + http://localhost:3000/polyfills.js + GET + + + + + Feature-Policy + + + + + 19 + http://localhost:3000/runtime.js + GET + + + + + Feature-Policy + + + + + 51 + http://localhost:3000/sitemap.xml + GET + + + + + Feature-Policy + + + + + 69 + http://localhost:3000/vendor.js + GET + + + + + Feature-Policy + + + + 11 + <p>Ensure that your web server, application server, load balancer, etc. is configured to set the Permissions-Policy header instead of the Feature-Policy header.</p> + + + <p>https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy</p><p>https://scotthelme.co.uk/goodbye-feature-policy-and-hello-permissions-policy/</p> + 16 + 15 + 10 + + + 90004 + 90004-2 + Insufficient Site Isolation Against Spectre Vulnerability + Insufficient Site Isolation Against Spectre Vulnerability + 1 + 2 + Low (Medium) + <p>Cross-Origin-Embedder-Policy header is a response header that prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS).</p> + + 55 + http://localhost:3000 + GET + Cross-Origin-Embedder-Policy + + + + + + + + + 10 + http://localhost:3000/ + GET + Cross-Origin-Embedder-Policy + + + + + + + + + 86 + http://localhost:3000/ftp + GET + Cross-Origin-Embedder-Policy + + + + + + + + + 100 + http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:365:14 + GET + Cross-Origin-Embedder-Policy + + + + + + + + + 56 + http://localhost:3000/sitemap.xml + GET + Cross-Origin-Embedder-Policy + + + + + + + + + 58 + http://localhost:3000 + GET + Cross-Origin-Opener-Policy + + + + + + + + + 11 + http://localhost:3000/ + GET + Cross-Origin-Opener-Policy + + + + + + + + + 87 + http://localhost:3000/ftp + GET + Cross-Origin-Opener-Policy + + + + + + + + + 101 + http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:365:14 + GET + Cross-Origin-Opener-Policy + + + + + + + + + 57 + 
http://localhost:3000/sitemap.xml + GET + Cross-Origin-Opener-Policy + + + + + + + + 10 + <p>Ensure that the application/web server sets the Cross-Origin-Embedder-Policy header appropriately, and that it sets the Cross-Origin-Embedder-Policy header to 'require-corp' for documents.</p><p>If possible, ensure that the end user uses a standards-compliant and modern web browser that supports the Cross-Origin-Embedder-Policy header (https://caniuse.com/mdn-http_headers_cross-origin-embedder-policy).</p> + + + <p>https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy</p> + 693 + 14 + 10 + + + 10096 + 10096 + Timestamp Disclosure - Unix + Timestamp Disclosure - Unix + 1 + 1 + Low (Low) + <p>A timestamp was disclosed by the application/web server. - Unix</p> + + 38 + http://localhost:3000 + GET + + + + + 1650485437 + 1650485437, which evaluates to: 2022-04-20 20:10:37. + + + 42 + http://localhost:3000 + GET + + + + + 1981395349 + 1981395349, which evaluates to: 2032-10-14 19:35:49. + + + 40 + http://localhost:3000 + GET + + + + + 2038834951 + 2038834951, which evaluates to: 2034-08-10 15:02:31. + + + 5 + http://localhost:3000/ + GET + + + + + 1650485437 + 1650485437, which evaluates to: 2022-04-20 20:10:37. + + + 7 + http://localhost:3000/ + GET + + + + + 1981395349 + 1981395349, which evaluates to: 2032-10-14 19:35:49. + + + 6 + http://localhost:3000/ + GET + + + + + 2038834951 + 2038834951, which evaluates to: 2034-08-10 15:02:31. + + + 44 + http://localhost:3000/sitemap.xml + GET + + + + + 1650485437 + 1650485437, which evaluates to: 2022-04-20 20:10:37. + + + 46 + http://localhost:3000/sitemap.xml + GET + + + + + 1981395349 + 1981395349, which evaluates to: 2032-10-14 19:35:49. + + + 45 + http://localhost:3000/sitemap.xml + GET + + + + + 2038834951 + 2038834951, which evaluates to: 2034-08-10 15:02:31. 
+ + 9 + <p>Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.</p> + <p>1650485437, which evaluates to: 2022-04-20 20:10:37.</p> + <p>https://cwe.mitre.org/data/definitions/200.html</p> + 497 + 13 + 10 + + + 10027 + 10027 + Information Disclosure - Suspicious Comments + Information Disclosure - Suspicious Comments + 0 + 1 + Informational (Low) + <p>The response appears to contain suspicious comments which may help an attacker.</p> + + 61 + http://localhost:3000/main.js + GET + + + + + query + The following pattern was used: \bQUERY\b and was detected in likely comment: "//owasp.org' target='_blank'>Open Worldwide Application Security Project (OWASP)</a> and is developed and maintained by voluntee", see evidence field for the suspicious comment/snippet. + + + 66 + http://localhost:3000/vendor.js + GET + + + + + Query + The following pattern was used: \bQUERY\b and was detected in likely comment: "//www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M0 256C0 397.4 114.6 512 256 512s256-114.6 256-256S397.4 0 256 0S0 114.6 0", see evidence field for the suspicious comment/snippet. + + 2 + <p>Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.</p> + <p>The following pattern was used: \bQUERY\b and was detected in likely comment: "//owasp.org' target='_blank'>Open Worldwide Application Security Project (OWASP)</a> and is developed and maintained by voluntee", see evidence field for the suspicious comment/snippet.</p> + + + 615 + 13 + 21 + + + 10109 + 10109 + Modern Web Application + Modern Web Application + 0 + 2 + Informational (Medium) + <p>The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.</p> + + 36 + http://localhost:3000 + GET + + + + + <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> + No links have been found while there are scripts, which is an indication that this is a modern web application. + + + 4 + http://localhost:3000/ + GET + + + + + <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> + No links have been found while there are scripts, which is an indication that this is a modern web application. + + + 105 + http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13 + GET + + + + + <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> + No links have been found while there are scripts, which is an indication that this is a modern web application. + + + 104 + http://localhost:3000/juice-shop/build/routes/fileServer.js:59:18 + GET + + + + + <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> + No links have been found while there are scripts, which is an indication that this is a modern web application. + + + 99 + http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:280:10 + GET + + + + + <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> + No links have been found while there are scripts, which is an indication that this is a modern web application. + + + 106 + http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:286:9 + GET + + + + + <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> + No links have been found while there are scripts, which is an indication that this is a modern web application. 
+ + + 102 + http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:328:13 + GET + + + + + <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> + No links have been found while there are scripts, which is an indication that this is a modern web application. + + + 98 + http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:365:14 + GET + + + + + <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> + No links have been found while there are scripts, which is an indication that this is a modern web application. + + + 103 + http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:376:14 + GET + + + + + <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> + No links have been found while there are scripts, which is an indication that this is a modern web application. + + + 107 + http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:421:3 + GET + + + + + <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> + No links have been found while there are scripts, which is an indication that this is a modern web application. + + + 37 + http://localhost:3000/sitemap.xml + GET + + + + + <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script> + No links have been found while there are scripts, which is an indication that this is a modern web application. 
+ + 11 + <p>This is an informational alert and so no changes are required.</p> + <p>No links have been found while there are scripts, which is an indication that this is a modern web application.</p> + + + -1 + -1 + 10 + + + 10049 + 10049-3 + Storable and Cacheable Content + Storable and Cacheable Content + 0 + 2 + Informational (Medium) + <p>The response contents are storable by caching components such as proxy servers, and may be retrieved directly from the cache, rather than from the origin server by the caching servers, in response to similar requests from other users. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where "shared" caching servers such as "proxy" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.</p> + + 13 + http://localhost:3000/robots.txt + GET + + + + + + + In the absence of an explicitly specified caching lifetime directive in the response, a liberal lifetime heuristic of 1 year was assumed. This is permitted by rfc7234. + + 1 + <p>Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:</p><p>Cache-Control: no-cache, no-store, must-revalidate, private</p><p>Pragma: no-cache</p><p>Expires: 0</p><p>This configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.</p> + <p>In the absence of an explicitly specified caching lifetime directive in the response, a liberal lifetime heuristic of 1 year was assumed. This is permitted by rfc7234.</p> + <p>https://datatracker.ietf.org/doc/html/rfc7234</p><p>https://datatracker.ietf.org/doc/html/rfc7231</p><p>https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html</p> + 524 + 13 + 7 + + + 10049 + 10049-2 + Storable but Non-Cacheable Content + Storable but Non-Cacheable Content + 0 + 2 + Informational (Medium) + <p>The response contents are storable by caching components such as proxy servers, but will not be retrieved directly from the cache, without validating the request upstream, in response to similar requests from other users.</p> + + 47 + http://localhost:3000 + GET + + + + + max-age=0 + + + + + 8 + http://localhost:3000/ + GET + + + + + max-age=0 + + + + + 17 + http://localhost:3000/assets/public/favicon_js.ico + GET + + + + + max-age=0 + + + + + 76 + http://localhost:3000/ftp/acquisitions.md + GET + + + + + max-age=0 + + + + + 80 + http://localhost:3000/ftp/incident-support.kdbx + GET + + + + + max-age=0 + + + + + 62 + http://localhost:3000/main.js + GET + + + + + max-age=0 + + + + + 22 + http://localhost:3000/polyfills.js + GET + + + + + max-age=0 + + + + + 18 + http://localhost:3000/runtime.js + GET + + + + + max-age=0 + + + + + 49 + http://localhost:3000/sitemap.xml + GET + + + + + max-age=0 + + + + + 59 + http://localhost:3000/styles.css + GET + + + + + max-age=0 + + + + + 67 + 
http://localhost:3000/vendor.js + GET + + + + + max-age=0 + + + + 11 + + + + + <p>https://datatracker.ietf.org/doc/html/rfc7234</p><p>https://datatracker.ietf.org/doc/html/rfc7231</p><p>https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html</p> + 524 + 13 + 10 + + + 10104 + 10104 + User Agent Fuzzer + User Agent Fuzzer + 0 + 2 + Informational (Medium) + <p>Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.</p> + + 112 + http://localhost:3000/assets + GET + Header User-Agent + Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) + + + + + + + 110 + http://localhost:3000/assets + GET + Header User-Agent + Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) + + + + + + + 108 + http://localhost:3000/assets + GET + Header User-Agent + Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) + + + + + + + 114 + http://localhost:3000/assets + GET + Header User-Agent + Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko + + + + + + + 116 + http://localhost:3000/assets + GET + Header User-Agent + Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0 + + + + + + + 130 + http://localhost:3000/assets + GET + Header User-Agent + Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 + + + + + + + 128 + http://localhost:3000/assets + GET + Header User-Agent + Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0 + + + + + + + 118 + http://localhost:3000/assets + GET + Header User-Agent + Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) + + + + + + + 122 + http://localhost:3000/assets + GET + Header User-Agent + Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp) + + + + + + + 126 + http://localhost:3000/assets + GET + Header User-Agent + Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4 + + + + + + + 124 + http://localhost:3000/assets + GET + Header User-Agent + Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 + + + + + + + 120 + http://localhost:3000/assets + GET + Header User-Agent + msnbot/1.1 (+http://search.msn.com/msnbot.htm) + + + + + + + 113 + http://localhost:3000/assets/public + GET + Header User-Agent + Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) + + + + + + + 111 + http://localhost:3000/assets/public + GET + Header User-Agent + Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) + + + + + + + 109 + http://localhost:3000/assets/public + GET + Header User-Agent + Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) + + + + + + + 115 + http://localhost:3000/assets/public + GET + Header User-Agent + Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko + + + + + + + 117 + http://localhost:3000/assets/public + GET + Header User-Agent + Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0 + + + + + + + 131 + http://localhost:3000/assets/public + GET + Header User-Agent + Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 + + + + + + + 129 + http://localhost:3000/assets/public + GET + Header User-Agent + Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0 + + + + + + + 119 + http://localhost:3000/assets/public + GET + Header User-Agent + Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) + + + + + + + 123 + http://localhost:3000/assets/public + GET + Header User-Agent + Mozilla/5.0 
(compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) + + + + + + + 127 + http://localhost:3000/assets/public + GET + Header User-Agent + Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4 + + + + + + + 125 + http://localhost:3000/assets/public + GET + Header User-Agent + Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16 + + + + + + + 121 + http://localhost:3000/assets/public + GET + Header User-Agent + msnbot/1.1 (+http://search.msn.com/msnbot.htm) + + + + + + 24 + + + + + <p>https://owasp.org/wstg</p> + 0 + 0 + 1880 + + + +
\ No newline at end of file
diff --git a/labs/submission10.md b/labs/submission10.md
new file mode 100644
index 00000000..44aab1be
--- /dev/null
+++ b/labs/submission10.md
@@ -0,0 +1,24 @@
+# Reporting & Program Metrics
+
+- **Open vs. Closed (182 vs. 0)**:
+ - Critical: 17
+ - High: 55
+ - Medium: 76
+ - Low: 5
+ - Informational: 29
+
+- **Findings per tool**:
+ - ZAP: 0
+ - Semgrep: 25
+ - Trivy: 74
+ - Nuclei: 18
+ - Grype: 65
+
+- **Any SLA breaches or items due within the next 14 days**: 17
+
+- Top recurring CWE/OWASP categories:
+ - CWE-89
+ - CWE-79
+ - CWE-73
+ - CWE-548
+ - CWE-674
\ No newline at end of file