Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrAkshayravic09yc47F076D76A-661C-4484-A4C3-0712869E43E1
HistoryMar 18, 2022 - 4:59 p.m.

Using vulnerable dependencies in package.json

2022-03-1816:59:02
akshayravic09yc47
www.huntr.dev
168
JSON

Description

  1. Hello team, The Showdoc is using a axios 0.17.1 dependency that is vulnerable to:👇
1. CVE-2021-3749 Regular Expression Denial of Service (ReDoS)
2. CVE-2020-28168 Server-Side Request Forgery (SSRF)
3. CVE-2019-10742 Denial of Service (DoS)

Path to the file:

https://github.com/star7th/showdoc/blob/3caa32334db0c277b84e993eaca2036f5d1dbef8/web_src/package.json#L17

Reference:

https://vulners.com/cve/CVE-2021-3749
https://vulners.com/cve/CVE-2020-28168
https://vulners.com/cve/CVE-2019-10742

Patch recommendation:

  1. Update the axios 0.17.1 to axios 0.21.3

Related

ibm 20
prion 3
osv 6
github 3
veracode 3
cve 3
githubexploit 1
ubuntucve 3
debiancve 3
nodejs 1
redhatcve 2
redhat 5
huntr 1
ics 1
nessus 2
oracle 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Node.js axios affect IBM Cloud Pak System[CVE-2021-3749, CVE-2020-28168]
2023-12-29 16:16:14
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to a Server-Side Request Forgery vulnerability (CVE-2020-28168)
2021-04-29 10:59:12
Security Bulletin: IBM Sterling Control Center is vulnerable to server-side request forgery due to Node.js axios module (CVE-2020-28168)
2022-06-13 17:09:46
prion
prion
Server side request forgery (ssrf)
2020-11-06 20:15:00
Design/Logic Flaw
2019-05-07 19:29:00
Design/Logic Flaw
2021-08-31 11:15:00
osv
osv
Axios vulnerable to Server-Side Request Forgery
2021-01-04 20:59:40
Denial of Service in axios
2019-05-29 18:04:45
CVE-2019-10742
2019-05-07 19:29:00
github
github
Axios vulnerable to Server-Side Request Forgery
2021-01-04 20:59:40
Denial of Service in axios
2019-05-29 18:04:45
axios Inefficient Regular Expression Complexity vulnerability
2021-09-01 18:23:02
veracode
veracode
Denial Of Service (DoS)
2018-04-17 08:21:38
Server-Side Request Forgery (SSRF)
2020-11-09 11:41:33
Regular Expression Denial Of Service (ReDoS)
2021-09-02 09:18:34
cve
cve
CVE-2019-10742
2019-05-07 19:29:00
CVE-2020-28168
2020-11-06 20:15:00
CVE-2021-3749
2021-08-31 11:15:00
githubexploit
githubexploit
Exploit for Improper Handling of Exceptional Conditions in Axios
2020-12-01 09:18:57
ubuntucve
ubuntucve
CVE-2019-10742
2019-05-07 00:00:00
CVE-2020-28168
2020-11-06 00:00:00
CVE-2021-3749
2021-08-31 00:00:00
debiancve
debiancve
CVE-2019-10742
2019-05-07 19:29:00
CVE-2020-28168
2020-11-06 20:15:00
CVE-2021-3749
2021-08-31 11:15:00
nodejs
nodejs
Server-Side Request Forgery
2021-01-04 21:04:59
redhatcve
redhatcve
CVE-2020-28168
2020-11-09 19:38:12
CVE-2021-3749
2021-08-31 18:51:02
redhat
redhat
(RHSA-2021:3694) Moderate: Migration Toolkit for Containers (MTC) 1.6.0 security & bugfix update
2021-09-29 14:30:52
(RHSA-2022:1276) Important: Red Hat OpenShift Service Mesh 2.0.9 security update
2022-04-07 17:26:44
(RHSA-2021:4618) Important: Red Hat Advanced Cluster Management 2.4 images and security updates
2021-11-10 19:24:59
huntr
huntr
Inefficient Regular Expression Complexity in axios/axios
2021-08-26 09:12:17
ics
ics
Siemens SINEC INS
2022-09-15 12:00:00
nessus
nessus
RHEL 8 : Red Hat OpenShift Service Mesh 2.0.9 (RHSA-2022:1276)
2022-04-08 00:00:00
IBM Cognos Analytics Multiple Vulnerabilities (6616285)
2022-09-02 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
JSON
Related for F076D76A-661C-4484-A4C3-0712869E43E1
ibm20prion3osv6github3veracode3cve3githubexploit1ubuntucve3debiancve3nodejs1redhatcve2redhat5huntr1ics1nessus2oracle1