Fix version range for next, and add CVE-2024-48910
eoftedal committed Nov 8, 2024
1 parent 8b9d089 commit 32079d2
Showing 5 changed files with 115 additions and 5 deletions.
24 changes: 23 additions & 1 deletion repository/jsrepository-master.json
@@ -3177,6 +3177,28 @@
"bowername": ["dompurify", "DOMPurify"],
"npmname": "dompurify",
"vulnerabilities": [
{
"ranges": [
{
"atOrAbove": "0",
"below": "2.4.2"
}
],
"summary": "DOMPurify vulnerable to tampering by prototype polution",
"cwe": ["CWE-1321"],
"severity": "high",
"identifiers": {
"CVE": ["CVE-2024-48910"],
"githubID": "GHSA-p3vf-v8qc-cwcr"
},
"info": [
"https://github.com/advisories/GHSA-p3vf-v8qc-cwcr",
"https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr",
"https://nvd.nist.gov/vuln/detail/CVE-2024-48910",
"https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc",
"https://github.com/cure53/DOMPurify"
]
},
{
"ranges": [
{
@@ -5199,7 +5221,7 @@
{
"ranges": [
{
"atOrAbove": "13.4.0",
"atOrAbove": "13.3.1",
"below": "13.5.0"
}
],
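Review bot: The `summary` string in the new DOMPurify entry misspells "pollution" as "polution"; this is the text that scan reports and advisory searches surface, so I would change it to `"summary": "DOMPurify vulnerable to tampering by prototype pollution",` even if the upstream advisory title carries the same spelling. The identical string appears in the entries added to jsrepository-v2.json, -v3.json, -v4.json and jsrepository.json (there nested under `identifiers`), which look like derived copies of this file, so they should be regenerated rather than hand-edited. Consumers commonly gate builds on `severity`, so it is worth confirming that `"high"` matches the rating in the linked GHSA and NVD records. The second hunk's `atOrAbove` change for the 13.x range cannot be checked from here because the entry's identifiers lie outside the hunk.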
24 changes: 23 additions & 1 deletion repository/jsrepository-v2.json
@@ -4471,6 +4471,28 @@
"https://github.com/cure53/DOMPurify/releases"
]
},
{
"atOrAbove": "0",
"below": "2.4.2",
"cwe": [
"CWE-1321"
],
"severity": "high",
"identifiers": {
"summary": "DOMPurify vulnerable to tampering by prototype polution",
"CVE": [
"CVE-2024-48910"
],
"githubID": "GHSA-p3vf-v8qc-cwcr"
},
"info": [
"https://github.com/advisories/GHSA-p3vf-v8qc-cwcr",
"https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr",
"https://nvd.nist.gov/vuln/detail/CVE-2024-48910",
"https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc",
"https://github.com/cure53/DOMPurify"
]
},
{
"atOrAbove": "0",
"below": "2.5.0",
@@ -6878,7 +6900,7 @@
]
},
{
"atOrAbove": "13.4.0",
"atOrAbove": "13.3.1",
"below": "13.5.0",
"cwe": [
"CWE-400"
24 changes: 23 additions & 1 deletion repository/jsrepository-v3.json
@@ -4568,6 +4568,28 @@
"https://github.com/cure53/DOMPurify/releases"
]
},
{
"atOrAbove": "0",
"below": "2.4.2",
"cwe": [
"CWE-1321"
],
"severity": "high",
"identifiers": {
"summary": "DOMPurify vulnerable to tampering by prototype polution",
"CVE": [
"CVE-2024-48910"
],
"githubID": "GHSA-p3vf-v8qc-cwcr"
},
"info": [
"https://github.com/advisories/GHSA-p3vf-v8qc-cwcr",
"https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr",
"https://nvd.nist.gov/vuln/detail/CVE-2024-48910",
"https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc",
"https://github.com/cure53/DOMPurify"
]
},
{
"atOrAbove": "0",
"below": "2.5.0",
@@ -7040,7 +7062,7 @@
]
},
{
"atOrAbove": "13.4.0",
"atOrAbove": "13.3.1",
"below": "13.5.0",
"cwe": [
"CWE-400"
24 changes: 23 additions & 1 deletion repository/jsrepository-v4.json
@@ -4567,6 +4567,28 @@
"https://github.com/cure53/DOMPurify/releases"
]
},
{
"atOrAbove": "0",
"below": "2.4.2",
"cwe": [
"CWE-1321"
],
"severity": "high",
"identifiers": {
"summary": "DOMPurify vulnerable to tampering by prototype polution",
"CVE": [
"CVE-2024-48910"
],
"githubID": "GHSA-p3vf-v8qc-cwcr"
},
"info": [
"https://github.com/advisories/GHSA-p3vf-v8qc-cwcr",
"https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr",
"https://nvd.nist.gov/vuln/detail/CVE-2024-48910",
"https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc",
"https://github.com/cure53/DOMPurify"
]
},
{
"atOrAbove": "0",
"below": "2.5.0",
@@ -7039,7 +7061,7 @@
]
},
{
"atOrAbove": "13.4.0",
"atOrAbove": "13.3.1",
"below": "13.5.0",
"cwe": [
"CWE-400"
24 changes: 23 additions & 1 deletion repository/jsrepository.json
@@ -4435,6 +4435,28 @@
"https://github.com/cure53/DOMPurify/releases"
]
},
{
"atOrAbove": "0",
"below": "2.4.2",
"cwe": [
"CWE-1321"
],
"severity": "high",
"identifiers": {
"summary": "DOMPurify vulnerable to tampering by prototype polution",
"CVE": [
"CVE-2024-48910"
],
"githubID": "GHSA-p3vf-v8qc-cwcr"
},
"info": [
"https://github.com/advisories/GHSA-p3vf-v8qc-cwcr",
"https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr",
"https://nvd.nist.gov/vuln/detail/CVE-2024-48910",
"https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc",
"https://github.com/cure53/DOMPurify"
]
},
{
"atOrAbove": "0",
"below": "2.5.0",
@@ -6817,7 +6839,7 @@
]
},
{
"atOrAbove": "13.4.0",
"atOrAbove": "13.3.1",
"below": "13.5.0",
"cwe": [
"CWE-400"
