1 | {
|
2 | "retire-example": {
|
3 | "vulnerabilities" : [
|
4 | { "below" : "0.0.2", "info" : [ "http://github.com/eoftedal/retire.js/" ] }
|
5 | ],
|
6 | "extractors" : {
|
7 | "func" : [ "retire.VERSION" ],
|
8 | "filename" : [ "retire-example-(§§version§§)(.min)?\\.js" ],
|
9 | "filecontent" : [ "/\\*!? Retire-example v(§§version§§)" ],
|
10 | "hashes" : { "07f8b94c8d601a24a1914a1a92bec0e4fafda964" : "0.0.1" }
|
11 | }
|
12 | },
|
13 |
|
14 | "jquery": {
|
15 | "vulnerabilities" : [
|
16 | {
|
17 | "below" : "1.6.3",
|
18 | "severity": "medium",
|
19 | "identifiers": { "CVE": "CVE-2011-4969" },
|
20 | "info" : [ "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969" , "http://research.insecurelabs.org/jquery/test/" ]
|
21 | },
|
22 | {
|
23 | "below" : "1.9.0b1",
|
24 | "identifiers": {
|
25 | "bug": "11290",
|
26 | "summary": "Selector interpreted as HTML"
|
27 | },
|
28 | "severity": "medium",
|
29 | "info" : [ "http://bugs.jquery.com/ticket/11290" , "http://research.insecurelabs.org/jquery/test/" ]}
|
30 | ],
|
31 | "extractors" : {
|
32 | "func" : [ "jQuery.fn.jquery" ],
|
33 | "uri" : [ "/(§§version§§)/jquery(\\.min)?\\.js" ],
|
34 | "filename" : [ "jquery-(§§version§§)(\\.min)?\\.js" ],
|
35 | "filecontent" : [
|
36 | "/\\*!? jQuery v(§§version§§)", "\\* jQuery JavaScript Library v(§§version§§)",
|
37 | "\\* jQuery (§§version§§) - New Wave Javascript", "// \\$Id: jquery.js,v (§§version§§)",
|
38 | "/\\*! jQuery v(§§version§§)", "[^a-z]f=\"(§§version§§)\",.*[^a-z]jquery:f,",
|
39 | "[^a-z]jquery:[ ]?\"(§§version§§)\""
|
40 | ],
|
41 | "hashes" : {}
|
42 | }
|
43 | },
|
44 | "jquery-migrate" : {
|
45 | "vulnerabilities" : [
|
46 | {
|
47 | "below" : "1.2.0",
|
48 | "severity": "medium",
|
49 | "identifiers": {
|
50 | "release": "jQuery Migrate 1.2.0 Released",
|
51 | "summary": "cross-site scripting"
|
52 | },
|
53 | "info" : [ "http://blog.jquery.com/2013/05/01/jquery-migrate-1-2-0-released/" ]
|
54 | },
|
55 | {
|
56 | "below" : "1.2.2",
|
57 | "severity": "medium",
|
58 | "identifiers": {
|
59 | "bug": "11290",
|
60 | "summary": "Selector interpreted as HTML"
|
61 | },
|
62 | "info" : [ "http://bugs.jquery.com/ticket/11290" , "http://research.insecurelabs.org/jquery/test/" ]
|
63 | }
|
64 | ],
|
65 | "extractors" : {
|
66 | "filename" : [ "jquery-migrate-(§§version§§)(.min)?\\.js" ],
|
67 | "filecontent" : [ "/\\*!?(?:\n \\*)? jQuery Migrate(?: -)? v(§§version§§)" ],
|
68 | "hashes" : {}
|
69 | }
|
70 | },
|
71 | "jquery-mobile" : {
|
72 | "vulnerabilities" : [
|
73 | {
|
74 | "below" : "1.0RC2",
|
75 | "severity": "high",
|
76 | "identifiers": {"osvdb": ["94563", "93562", "94316", "94561", "94560"]},
|
77 | "info" : [ "http://osvdb.org/show/osvdb/94563", "http://osvdb.org/show/osvdb/94562", "http://osvdb.org/show/osvdb/94316", "http://osvdb.org/show/osvdb/94561", "http://osvdb.org/show/osvdb/94560" ]
|
78 | },
|
79 | {
|
80 | "below" : "1.0.1",
|
81 | "severity": "high",
|
82 | "identifiers": {"osvdb": "94317"},
|
83 | "info": [ "http://osvdb.org/show/osvdb/94317" ]
|
84 | },
|
85 | {
|
86 | "below" : "1.1.2",
|
87 | "severity": "medium",
|
88 | "identifiers": {
|
89 | "issue": "4787",
|
90 | "release": "http://jquerymobile.com/changelog/1.1.2/",
|
91 | "summary": "location.href cross-site scripting"
|
92 | },
|
93 | "info": [ "http://jquerymobile.com/changelog/1.1.2/", "https://github.com/jquery/jquery-mobile/issues/4787" ]
|
94 | },
|
95 | {
|
96 | "below" : "1.2.0",
|
97 | "severity": "medium",
|
98 | "identifiers": {
|
99 | "issue": "4787",
|
100 | "release": "http://jquerymobile.com/changelog/1.2.0/",
|
101 | "summary": "location.href cross-site scripting"
|
102 | },
|
103 | "info": [ "http://jquerymobile.com/changelog/1.2.0/", "https://github.com/jquery/jquery-mobile/issues/4787" ]
|
104 | }
|
105 | ],
|
106 | "extractors" : {
|
107 | "func" : [ "jQuery.mobile.version" ],
|
108 | "filename" : [ "jquery.mobile-(§§version§§)(.min)?\\.js" ],
|
109 | "uri" : [ "/(§§version§§)/jquery.mobile(\\.min)?\\.js" ],
|
110 | "filecontent" : [ "/\\*!?(?:\n \\*)? jQuery Mobile(?: -)? v(§§version§§)" ],
|
111 | "hashes" : {}
|
112 | }
|
113 | },
|
114 | "jquery-ui-dialog" : {
|
115 | "vulnerabilities" : [
|
116 | {
|
117 | "atOrAbove": "1.8.9",
|
118 | "below" : "1.10.0",
|
119 | "severity": "medium",
|
120 | "identifiers": {
|
121 | "bug": "6016",
|
122 | "summary": "Title cross-site scripting vulnerability"
|
123 | },
|
124 | "info" : [ "http://bugs.jqueryui.com/ticket/6016" ]
|
125 | }
|
126 | ],
|
127 | "extractors" : {
|
128 | "func" : [ "jQuery.ui.dialog.version" ],
|
129 | "filecontent" : [
|
130 | "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}.*jquery\\.ui\\.dialog\\.js",
|
131 | "/\\*!?[\n *]+jQuery UI (§§version§§)(.*\n)*.*\\.ui\\.dialog",
|
132 | "/\\*!?[\n *]+jQuery UI Dialog (§§version§§)"
|
133 | ],
|
134 | "hashes" : {}
|
135 | }
|
136 | },
|
137 | "jquery-ui-autocomplete" : {
|
138 | "vulnerabilities" : [ ],
|
139 | "extractors" : {
|
140 | "func" : [ "jQuery.ui.autocomplete.version" ],
|
141 | "filecontent" : [
|
142 | "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}.*jquery\\.ui\\.autocomplete\\.js",
|
143 | "/\\*!?[\n *]+jQuery UI (§§version§§)(.*\n)*.*\\.ui\\.autocomplete",
|
144 | "/\\*!?[\n *]+jQuery UI Autocomplete (§§version§§)"
|
145 | ],
|
146 | "hashes" : {}
|
147 | }
|
148 | },
|
149 | "jquery-ui-tooltip" : {
|
150 | "vulnerabilities" : [
|
151 | {
|
152 | "atOrAbove": "1.9.2",
|
153 | "below" : "1.10.0",
|
154 | "severity": "high",
|
155 | "identifiers": {
|
156 | "bug": "8859",
|
157 | "summary": "Autocomplete cross-site scripting vulnerability"
|
158 | },
|
159 | "info" : [ "http://bugs.jqueryui.com/ticket/8859" ]
|
160 | }
|
161 | ],
|
162 | "extractors" : {
|
163 | "func" : [ "jQuery.ui.tooltip.version" ],
|
164 | "filecontent" : [
|
165 | "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}.*jquery\\.ui\\.tooltip\\.js",
|
166 | "/\\*!?[\n *]+jQuery UI (§§version§§)(.*\n)*.*\\.ui\\.tooltip",
|
167 | "/\\*!?[\n *]+jQuery UI Tooltip (§§version§§)"
|
168 | ],
|
169 | "hashes" : {}
|
170 | }
|
171 | },
|
172 | "jquery.prettyPhoto" : {
|
173 | "vulnerabilities" : [
|
174 | {
|
175 | "below" : "3.1.5",
|
176 | "severity": "high",
|
177 | "identifiers": {"CVE": "CVE-2013-6837"},
|
178 | "info" : [ "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6837&cid=3" ]
|
179 | }
|
180 | ],
|
181 | "extractors" : {
|
182 | "func" : [ "jQuery.prettyPhoto.version" ],
|
183 | "filecontent" : [
|
184 | "/\\*(?:.*[\n\r]+){1,3}.*Class: prettyPhoto(?:.*[\n\r]+){1,3}.*Version: (§§version§§)",
|
185 | "\\.prettyPhoto[ ]?=[ ]?\\{version:[ ]?(?:'|\")(§§version§§)(?:'|\")\\}"
|
186 | ],
|
187 | "hashes" : {}
|
188 | }
|
189 | },
|
190 | "jPlayer" : {
|
191 | "vulnerabilities" : [
|
192 | {
|
193 | "below" : "2.4.0",
|
194 | "severity": "high",
|
195 | "identifiers": {"CVE": "CVE-2013-2023"},
|
196 | "info" : [ "http://jplayer.org/latest/release-notes/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2023" ]
|
197 | },
|
198 | {
|
199 | "below" : "2.3.0",
|
200 | "severity": "high",
|
201 | "identifiers": {"CVE": ["CVE-2013-1942", "CVE-2013-2022"]},
|
202 | "info" : [ "http://jplayer.org/latest/release-notes/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1942", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2022" ]
|
203 | },
|
204 | {
|
205 | "below" : "2.2.0",
|
206 | "severity": "high",
|
207 | "identifiers": {
|
208 | "release": "2.2.0",
|
209 | "summary": "Flash SWF vulnerability"
|
210 | },
|
211 | "info" : [ "http://jplayer.org/latest/release-notes/" ]
|
212 | }
|
213 | ],
|
214 | "extractors" : {
|
215 | "func" : [ "new jQuery.jPlayer().version.script" ],
|
216 | "filecontent" : [
|
217 | "/\\*(?:.*[\n\r]+){1,3}.*jPlayer Plugin for jQuery(?:.*[\n\r]+){1,10}.*Version: (§§version§§)"
|
218 | ],
|
219 | "hashes" : {}
|
220 | }
|
221 | },
|
222 | "sessvars": {
|
223 | "vulnerabilities" : [
|
224 | {
|
225 | "below" : "1.01",
|
226 | "severity": "low",
|
227 | "identifiers": {"summary": "Unsanitized data passed to eval()"},
|
228 | "info" : [ "http://www.thomasfrank.se/sessionvars.html" ]
|
229 | }
|
230 | ],
|
231 | "extractors" : {
|
232 | "filename" : [ "sessvars-(§§version§§)(.min)?\\.js"],
|
233 | "filecontent" : [ "sessvars ver (§§version§§)"],
|
234 | "hashes" : {}
|
235 | }
|
236 | },
|
237 | "YUI" : {
|
238 | "vulnerabilities" : [
|
239 | {
|
240 | "atOrAbove" : "3.5.0" ,
|
241 | "below" : "3.9.2",
|
242 | "severity": "high",
|
243 | "identifiers": {"CVE": "CVE-2013-4942"},
|
244 | "info" : [ "http://www.cvedetails.com/cve/CVE-2013-4942/" ]
|
245 | },
|
246 | {
|
247 | "atOrAbove" : "3.2.0" ,
|
248 | "below" : "3.9.2",
|
249 | "severity": "high",
|
250 | "identifiers": {"CVE": "CVE-2013-4941"},
|
251 | "info" : [ "http://www.cvedetails.com/cve/CVE-2013-4941/" ]
|
252 | },
|
253 | {
|
254 | "below" : "3.10.3",
|
255 | "severity": "high",
|
256 | "identifiers": {"CVE": "CVE-2013-4940"},
|
257 | "info" : [ "http://www.cvedetails.com/cve/CVE-2013-4940/" ]
|
258 | },
|
259 | {
|
260 | "atOrAbove" : "3.0.0" ,
|
261 | "below" : "3.9.2",
|
262 | "severity": "high",
|
263 | "identifiers": {"CVE": "CVE-2013-4939"},
|
264 | "info" : [ "http://www.cvedetails.com/cve/CVE-2013-4939/" ]
|
265 | },
|
266 | {
|
267 | "atOrAbove" : "2.8.0" ,
|
268 | "below" : "2.9.1",
|
269 | "severity": "high",
|
270 | "identifiers": {"CVE": "CVE-2012-5883"},
|
271 | "info" : [ "http://www.cvedetails.com/cve/CVE-2012-5883/" ]
|
272 | },
|
273 | {
|
274 | "atOrAbove" : "2.5.0" ,
|
275 | "below" : "2.9.1",
|
276 | "severity": "high",
|
277 | "identifiers": {"CVE": "CVE-2012-5882"},
|
278 | "info" : [ "http://www.cvedetails.com/cve/CVE-2012-5882/" ]
|
279 | },
|
280 | {
|
281 | "atOrAbove" : "2.4.0" ,
|
282 | "below" : "2.9.1",
|
283 | "severity": "high",
|
284 | "identifiers": {"CVE": "CVE-2012-5881"},
|
285 | "info" : [ "http://www.cvedetails.com/cve/CVE-2012-5881/" ]
|
286 | },
|
287 | {
|
288 | "below" : "2.9.0",
|
289 | "severity": "medium",
|
290 | "identifiers": {"CVE": "CVE-2010-4710"},
|
291 | "info" : [ "http://www.cvedetails.com/cve/CVE-2010-4710/" ]
|
292 | },
|
293 | {
|
294 | "atOrAbove" : "2.8.0" ,
|
295 | "below" : "2.8.2",
|
296 | "severity": "high",
|
297 | "identifiers": {"CVE": "CVE-2010-4209"},
|
298 | "info" : [ "http://www.cvedetails.com/cve/CVE-2010-4209/" ]
|
299 | },
|
300 | {
|
301 | "atOrAbove" : "2.5.0" ,
|
302 | "below" : "2.8.2",
|
303 | "severity": "high",
|
304 | "identifiers": {"CVE": "CVE-2010-4208"},
|
305 | "info" : [ "http://www.cvedetails.com/cve/CVE-2010-4208/" ]
|
306 | },
|
307 | {
|
308 | "atOrAbove" : "2.4.0" ,
|
309 | "below" : "2.8.2",
|
310 | "severity": "high",
|
311 | "identifiers": {"CVE": "CVE-2010-4207"},
|
312 | "info" : [ "http://www.cvedetails.com/cve/CVE-2010-4207/" ]
|
313 | }
|
314 | ],
|
315 | "extractors" : {
|
316 | "func" : [ "YUI.Version" ],
|
317 | "filename" : [ "yui-(§§version§§)(.min)?\\.js"],
|
318 | "filecontent" : [ "YUI (§§version§§)", "/yui/license.(?:html|txt)\nversion: (§§version§§)"],
|
319 | "hashes" : {}
|
320 | }
|
321 | },
|
322 | "prototypejs" : {
|
323 | "vulnerabilities" : [
|
324 | {
|
325 | "atOrAbove" : "1.6.0",
|
326 | "below" : "1.6.0.2",
|
327 | "severity": "high",
|
328 | "identifiers": {"CVE": "CVE-2008-7220"},
|
329 | "info" : [ "http://www.cvedetails.com/cve/CVE-2008-7220/" ] },
|
330 | {
|
331 | "below" : "1.5.1.2",
|
332 | "severity": "high",
|
333 | "identifiers": {"CVE": "CVE-2008-7220"},
|
334 | "info" : [ "http://www.cvedetails.com/cve/CVE-2008-7220/" ] }
|
335 | ],
|
336 | "extractors" : {
|
337 | "func" : [ "Prototype.Version" ],
|
338 | "uri" : [ "/(§§version§§)/prototype(\\.min)?\\.js" ],
|
339 | "filename" : [ "prototype-(§§version§§)(.min)?\\.js" ],
|
340 | "filecontent" : [ "Prototype JavaScript framework, version (§§version§§)",
|
341 | "Prototype[ ]?=[ ]?\\{[ \r\n\t]*Version:[ ]?(?:'|\")(§§version§§)(?:'|\")" ],
|
342 | "hashes" : {}
|
343 | }
|
344 | },
|
345 | "ember" : {
|
346 | "vulnerabilities" : [
|
347 | {
|
348 | "atOrAbove" : "1.3.0-*",
|
349 | "below" : "1.3.2",
|
350 | "severity": "medium",
|
351 | "identifiers": {"CVE": "CVE-2014-0046"},
|
352 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ" ]
|
353 | },
|
354 | {
|
355 | "atOrAbove" : "1.2.0-*",
|
356 | "below" : "1.2.2",
|
357 | "severity": "medium",
|
358 | "identifiers": {"CVE": "CVE-2014-0046"},
|
359 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ" ] },
|
360 | {
|
361 | "atOrAbove" : "1.4.0-*",
|
362 | "below" : "1.4.0-beta.2",
|
363 | "severity": "high",
|
364 | "identifiers": {"CVE": ["CVE-2014-0013", "CVE-2014-0014"]},
|
365 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4", "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4" ]
|
366 | },
|
367 | {
|
368 | "atOrAbove" : "1.3.0-*",
|
369 | "below" : "1.3.1",
|
370 | "severity": "high",
|
371 | "identifiers": {"CVE": ["CVE-2014-0013", "CVE-2014-0014"]},
|
372 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4", "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4" ]
|
373 | },
|
374 | {
|
375 | "atOrAbove" : "1.2.0-*",
|
376 | "below" : "1.2.1",
|
377 | "severity": "high",
|
378 | "identifiers": {"CVE": ["CVE-2014-0013", "CVE-2014-0014"]},
|
379 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4", "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4" ]
|
380 | },
|
381 | {
|
382 | "atOrAbove" : "1.1.0-*",
|
383 | "below" : "1.1.3",
|
384 | "severity": "high",
|
385 | "identifiers": {"CVE": ["CVE-2014-0013", "CVE-2014-0014"]},
|
386 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4", "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4" ]
|
387 | },
|
388 | {
|
389 | "atOrAbove" : "1.0.0-*",
|
390 | "below" : "1.0.1",
|
391 | "severity": "high",
|
392 | "identifiers": {"CVE": ["CVE-2014-0013", "CVE-2014-0014"]},
|
393 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4", "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4" ]
|
394 | },
|
395 | {
|
396 | "atOrAbove" : "1.0.0-rc.1",
|
397 | "below" : "1.0.0-rc.1.1",
|
398 | "severity": "medium",
|
399 | "identifiers": {"CVE": "CVE-2013-4170"},
|
400 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ]
|
401 | },
|
402 | {
|
403 | "atOrAbove" : "1.0.0-rc.2",
|
404 | "below" : "1.0.0-rc.2.1",
|
405 | "severity": "medium",
|
406 | "identifiers": {"CVE": "CVE-2013-4170"},
|
407 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ]
|
408 | },
|
409 | {
|
410 | "atOrAbove" : "1.0.0-rc.3",
|
411 | "below" : "1.0.0-rc.3.1",
|
412 | "severity": "medium",
|
413 | "identifiers": {"CVE": "CVE-2013-4170"},
|
414 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ]
|
415 | },
|
416 | {
|
417 | "atOrAbove" : "1.0.0-rc.4",
|
418 | "below" : "1.0.0-rc.4.1",
|
419 | "severity": "medium",
|
420 | "identifiers": {"CVE": "CVE-2013-4170"},
|
421 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ]
|
422 | },
|
423 | {
|
424 | "atOrAbove" : "1.0.0-rc.5",
|
425 | "below" : "1.0.0-rc.5.1",
|
426 | "severity": "medium",
|
427 | "identifiers": {"CVE": "CVE-2013-4170"},
|
428 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ]
|
429 | },
|
430 | {
|
431 | "atOrAbove" : "1.0.0-rc.6",
|
432 | "below" : "1.0.0-rc.6.1",
|
433 | "severity": "medium",
|
434 | "identifiers": {"CVE": "CVE-2013-4170"},
|
435 | "info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ]
|
436 | },
|
437 | {
|
438 | "below" : "0.9.7.1",
|
439 | "info" : [ "https://github.com/emberjs/ember.js/blob/master/CHANGELOG" ]
|
440 | },
|
441 | {
|
442 | "below" : "0.9.7",
|
443 | "severity": "high",
|
444 | "identifiers": {
|
445 | "bug": "699",
|
446 | "summary": "Bound attributes aren't escaped properly"
|
447 | },
|
448 | "info" : [ "https://github.com/emberjs/ember.js/issues/699" ]
|
449 | }
|
450 | ],
|
451 | "extractors" : {
|
452 | "func" : [ "Ember.VERSION" ],
|
453 | "uri" : [ "/(?:v)?(§§version§§)/ember(\\.min)?\\.js" ],
|
454 | "filename" : [ "ember-(§§version§§)(\\.min)?\\.js" ],
|
455 | "filecontent" : [
|
456 | "Project: Ember -(?:.*\n){9,11}// Version: v(§§version§§)",
|
457 | "// Version: v(§§version§§)(.*\n){10,15}(Ember Debug|@module ember|@class ember)",
|
458 | "Ember.VERSION[ ]?=[ ]?(?:'|\")(§§version§§)(?:'|\")"
|
459 | ],
|
460 | "hashes" : {}
|
461 | }
|
462 | },
|
463 | "dojo" : {
|
464 | "vulnerabilities" : [
|
465 | {
|
466 | "atOrAbove" : "0.4",
|
467 | "below" : "0.4.4",
|
468 | "severity": "high",
|
469 | "identifiers": {"CVE": ["CVE-2010-2276", "CVE-2010-2272"]},
|
470 | "info" : [ "http://dojotoolkit.org/blog/dojo-security-advisory", "http://www.cvedetails.com/cve/CVE-2010-2276/", "http://www.cvedetails.com/cve/CVE-2010-2272/" ]
|
471 | },
|
472 | {
|
473 | "atOrAbove" : "1.0",
|
474 | "below" : "1.0.3",
|
475 | "severity": "high",
|
476 | "identifiers": {"CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"]},
|
477 | "info" : [ "http://dojotoolkit.org/blog/dojo-security-advisory", "http://www.cvedetails.com/cve/CVE-2010-2276/", "http://www.cvedetails.com/cve/CVE-2010-2274/", "http://www.cvedetails.com/cve/CVE-2010-2273/" ]
|
478 | },
|
479 | {
|
480 | "atOrAbove" : "1.1",
|
481 | "below" : "1.1.2",
|
482 | "severity": "high",
|
483 | "identifiers": {"CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"]},
|
484 | "info" : [ "http://dojotoolkit.org/blog/dojo-security-advisory", "http://www.cvedetails.com/cve/CVE-2010-2276/", "http://www.cvedetails.com/cve/CVE-2010-2274/", "http://www.cvedetails.com/cve/CVE-2010-2273/" ]
|
485 | },
|
486 | {
|
487 | "atOrAbove" : "1.2",
|
488 | "below" : "1.2.4",
|
489 | "severity": "high",
|
490 | "identifiers": {"CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"]},
|
491 | "info" : [ "http://dojotoolkit.org/blog/dojo-security-advisory", "http://www.cvedetails.com/cve/CVE-2010-2276/", "http://www.cvedetails.com/cve/CVE-2010-2274/", "http://www.cvedetails.com/cve/CVE-2010-2273/" ]
|
492 | },
|
493 | {
|
494 | "atOrAbove" : "1.3",
|
495 | "below" : "1.3.3",
|
496 | "severity": "high",
|
497 | "identifiers": {"CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"]},
|
498 | "info" : [ "http://dojotoolkit.org/blog/dojo-security-advisory", "http://www.cvedetails.com/cve/CVE-2010-2276/", "http://www.cvedetails.com/cve/CVE-2010-2274/", "http://www.cvedetails.com/cve/CVE-2010-2273/" ]
|
499 | },
|
500 | {
|
501 | "atOrAbove" : "1.4",
|
502 | "below" : "1.4.2",
|
503 | "severity": "high",
|
504 | "identifiers": {"CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"]},
|
505 | "info" : [ "http://dojotoolkit.org/blog/dojo-security-advisory", "http://www.cvedetails.com/cve/CVE-2010-2276/", "http://www.cvedetails.com/cve/CVE-2010-2274/", "http://www.cvedetails.com/cve/CVE-2010-2273/" ]
|
506 | },
|
507 | {
|
508 | "below" : "1.4.2",
|
509 | "severity": "medium",
|
510 | "identifiers": {"CVE": "CVE-2010-2275"},
|
511 | "info" : [ "http://www.cvedetails.com/cve/CVE-2010-2275/"]
|
512 | },
|
513 | {
|
514 | "below" : "1.1",
|
515 | "severity": "medium",
|
516 | "identifiers": {"CVE": "CVE-2008-6681"},
|
517 | "info" : [ "http://www.cvedetails.com/cve/CVE-2008-6681/"]
|
518 | }
|
519 |
|
520 |
|
521 | ],
|
522 | "extractors" : {
|
523 | "func" : [ "dojo.version.toString()" ],
|
524 | "uri" : [ "/(?:dojo-)?(§§version§§)/dojo(\\.min)?\\.js" ],
|
525 | "filename" : [ "dojo-(§§version§§)(\\.min)?\\.js" ],
|
526 | "filecontentreplace" : [ "/dojo.version=\\{major:([0-9]+),minor:([0-9]+),patch:([0-9]+)/$1.$2.$3/"],
|
527 | "hashes" : {
|
528 | "73cdd262799aab850abbe694cd3bfb709ea23627" : "1.4.1",
|
529 | "c8c84eddc732c3cbf370764836a7712f3f873326" : "1.4.0",
|
530 | "d569ce9efb7edaedaec8ca9491aab0c656f7c8f0" : "1.0.0",
|
531 | "ad44e1770895b7fa84aff5a56a0f99b855a83769" : "1.3.2",
|
532 | "8fc10142a06966a8709cd9b8732f7b6db88d0c34" : "1.3.1",
|
533 | "a09b5851a0a3e9d81353745a4663741238ee1b84" : "1.3.0",
|
534 | "2ab48d45abe2f54cdda6ca32193b5ceb2b1bc25d" : "1.2.3",
|
535 | "12208a1e649402e362f528f6aae2c614fc697f8f" : "1.2.0",
|
536 | "72a6a9fbef9fa5a73cd47e49942199147f905206" : "1.1.1"
|
537 | }
|
538 |
|
539 | }
|
540 | },
|
541 | "angularjs" : {
|
542 | "vulnerabilities" : [
|
543 | {
|
544 | "below" : "1.2.0",
|
545 | "severity": "high",
|
546 | "identifiers": {
|
547 | "summary": [
|
548 | "execution of arbitrary javascript",
|
549 | "sandboxing fails",
|
550 | "possible cross-site scripting vulnerabilities"
|
551 | ]
|
552 | },
|
553 | "info" : [ "https://code.google.com/p/mustache-security/wiki/AngularJS" ]
|
554 | },
|
555 | {
|
556 | "below" : "1.2.19",
|
557 | "severity": "medium",
|
558 | "identifiers": {
|
559 | "release": "1.3.0-beta.14",
|
560 | "summary": "execution of arbitrary javascript"
|
561 | },
|
562 | "info" : [ "https://github.com/angular/angular.js/blob/b3b5015cb7919708ce179dc3d6f0d7d7f43ef621/CHANGELOG.md" ]
|
563 | },
|
564 | {
|
565 | "below" : "1.2.24",
|
566 | "severity": "medium",
|
567 | "identifiers": {
|
568 | "commit": "b39e1d47b9a1b39a9fe34c847a81f589fba522f8",
|
569 | "summary": "execution of arbitrary javascript"
|
570 | },
|
571 | "info" : [ "http://avlidienbrunn.se/angular.txt", "https://github.com/angular/angular.js/commit/b39e1d47b9a1b39a9fe34c847a81f589fba522f8"]
|
572 | },
|
573 | {
|
574 | "atOrAbove" : "1.3.0-beta.1",
|
575 | "below" : "1.3.0-beta.14",
|
576 | "severity": "medium",
|
577 | "identifiers": {
|
578 | "commit": "b39e1d47b9a1b39a9fe34c847a81f589fba522f8",
|
579 | "summary": "execution of arbitrary javascript"
|
580 | },
|
581 | "info" : [ "https://github.com/angular/angular.js/blob/b3b5015cb7919708ce179dc3d6f0d7d7f43ef621/CHANGELOG.md" ]
|
582 | },
|
583 | {
|
584 | "atOrAbove" : "1.3.0-beta.1",
|
585 | "below" : "1.3.0-rc.1",
|
586 | "severity": "medium",
|
587 | "identifiers": {
|
588 | "commit": "b39e1d47b9a1b39a9fe34c847a81f589fba522f8",
|
589 | "summary": "execution of arbitrary javascript"
|
590 | },
|
591 | "info" : [ "http://avlidienbrunn.se/angular.txt", "https://github.com/angular/angular.js/commit/b39e1d47b9a1b39a9fe34c847a81f589fba522f8"]
|
592 | }
|
593 |
|
594 | ],
|
595 | "extractors" : {
|
596 | "func" : [ "angular.version.full" ],
|
597 | "uri" : [ "/(§§version§§)/angular(\\.min)?\\.js" ],
|
598 | "filename" : [ "angular(?:js)?-(§§version§§)(.min)?\\.js" ],
|
599 | "filecontent" : [ "/\\*[ \n]+AngularJS v(§§version§§)" ],
|
600 | "hashes" : {}
|
601 | }
|
602 | },
|
603 | "backbone.js" : {
|
604 | "vulnerabilities" : [
|
605 | {
|
606 | "below" : "0.5.0",
|
607 | "severity": "medium",
|
608 | "identifiers": {
|
609 | "release": "0.5.0",
|
610 | "summary": "cross-site scripting vulnerability"
|
611 | },
|
612 | "info" : [ "http://backbonejs.org/#changelog" ]
|
613 | }
|
614 | ],
|
615 | "extractors" : {
|
616 | "func" : [ "Backbone.VERSION" ],
|
617 | "uri" : [ "/(§§version§§)/backbone(\\.min)?\\.js" ],
|
618 | "filename" : [ "backbone(?:js)?-(§§version§§)(.min)?\\.js" ],
|
619 | "filecontent" : [ "//[ ]+Backbone.js (§§version§§)", "a=t.Backbone={}}a.VERSION=\"(§§version§§)\"" ],
|
620 | "hashes" : {}
|
621 | }
|
622 | },
|
623 | "mustache.js" : {
|
624 | "vulnerabilities" : [
|
625 | {
|
626 | "below" : "0.3.1",
|
627 | "severity": "high",
|
628 | "identifiers": {
|
629 | "bug": "112",
|
630 | "summary": "execution of arbitrary javascript"
|
631 | },
|
632 | "info" : [ "https://github.com/janl/mustache.js/issues/112" ] } ],
|
633 | "extractors" : {
|
634 | "func" : [ "Mustache.version" ],
|
635 | "uri" : [ "/(§§version§§)/mustache(\\.min)?\\.js" ],
|
636 | "filename" : [ "mustache(?:js)?-(§§version§§)(.min)?\\.js" ],
|
637 | "filecontent" : [ "name:\"mustache.js\",version:\"(§§version§§)\"",
|
638 | "[^a-z]mustache.version[ ]?=[ ]?(?:'|\")(§§version§§)(?:'|\")",
|
639 | "exports.name[ ]?=[ ]?\"mustache.js\";[\n ]*exports.version[ ]?=[ ]?(?:'|\")(§§version§§)(?:'|\");"
|
640 | ],
|
641 | "hashes" : {}
|
642 | }
|
643 | },
|
644 | "handlebars.js" : {
|
645 | "vulnerabilities" : [
|
646 | {
|
647 | "below" : "1.0.0.beta.3",
|
648 | "severity": "medium",
|
649 | "identifiers": {
|
650 | "summary": "poorly sanitized input passed to eval()"
|
651 | },
|
652 | "info" : [ "https://github.com/wycats/handlebars.js/pull/68" ] } ],
|
653 | "extractors" : {
|
654 | "func" : [ "Handlebars.VERSION" ],
|
655 | "uri" : [ "/(§§version§§)/handlebars(\\.min)?\\.js" ],
|
656 | "filename" : [ "handlebars(?:js)?-(§§version§§)(.min)?\\.js" ],
|
657 | "filecontent" : [ "Handlebars.VERSION = \"(§§version§§)\";", "Handlebars=\\{VERSION:(?:'|\")(§§version§§)(?:'|\")",
|
658 | "this.Handlebars=\\{\\};[\n\r \t]+\\(function\\([a-z]\\)\\{[a-z].VERSION=(?:'|\")(§§version§§)(?:'|\")"
|
659 | ],
|
660 | "hashes" : {}
|
661 | }
|
662 | },
|
663 | "easyXDM" : {
|
664 | "vulnerabilities" : [
|
665 | {
|
666 | "below" : "2.4.18",
|
667 | "severity": "high",
|
668 | "identifiers": {"CVE": "CVE-2013-5212"},
|
669 | "info" : [ "http://blog.kotowicz.net/2013/09/exploiting-easyxdm-part-1-not-usual.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5212" ]
|
670 | },
|
671 | {
|
672 | "below" : "2.4.19",
|
673 | "severity": "high",
|
674 | "identifiers": {"CVE": "CVE-2014-1403"},
|
675 | "info" : [ "http://blog.kotowicz.net/2014/01/xssing-with-shakespeare-name-calling.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1403" ]
|
676 | }
|
677 | ],
|
678 | "extractors" : {
|
679 | "uri" : [ "/(easyXDM-)?(§§version§§)/easyXDM(\\.min)?\\.js" ],
|
680 | "filename" : [ "easyXDM-(§§version§§)(.min)?\\.js" ],
|
681 | "filecontent" : [ " \\* easyXDM\n \\* http://easyxdm.net/(?:\r|\n|.)+version:\"(§§version§§)\"",
|
682 | "@class easyXDM(?:.|\r|\n)+@version (§§version§§)(\r|\n)" ],
|
683 | "hashes" : { "cf266e3bc2da372c4f0d6b2bd87bcbaa24d5a643" : "2.4.6"}
|
684 | }
|
685 | },
|
686 |
|
687 | "plupload" : {
|
688 | "vulnerabilities" : [
|
689 | {
|
690 | "below" : "1.5.4",
|
691 | "severity": "high",
|
692 | "identifiers": {"CVE": "CVE-2012-2401"},
|
693 | "info" : [ "http://www.cvedetails.com/cve/CVE-2012-2401/" ]
|
694 | },
|
695 | {
|
696 | "below" : "1.5.5",
|
697 | "severity": "high",
|
698 | "identifiers": {"CVE": "CVE-2013-0237"},
|
699 | "info" : [ "http://www.cvedetails.com/cve/CVE-2013-0237/" ]
|
700 | }
|
701 | ],
|
702 | "extractors" : {
|
703 | "func" : [ "plupload.VERSION" ],
|
704 | "uri" : [ "/(§§version§§)/plupload(\\.min)?\\.js" ],
|
705 | "filename" : [ "plupload-(§§version§§)(.min)?\\.js" ],
|
706 | "filecontent" : [ "\\* Plupload - multi-runtime File Uploader(\r|\n)+ \\* v§§version§§",
|
707 | "var g=\\{VERSION:\"§§version§§\",.*;window.plupload=g\\}"
|
708 | ],
|
709 | "hashes" : {}
|
710 | }
|
711 | },
|
712 |
|
713 | "DOMPurify" : {
|
714 | "vulnerabilities" : [
|
715 | {
|
716 | "below" : "0.6.1",
|
717 | "severity": "medium",
|
718 | "identifiers": { },
|
719 | "info" : [ "https://github.com/cure53/DOMPurify/releases/tag/0.6.1" ]
|
720 | }
|
721 | ],
|
722 | "extractors" : {
|
723 | "func" : [ "DOMPurify.version" ],
|
724 | "filecontent" : [ "DOMPurify.version = '§§version§§';" ],
|
725 | "hashes" : {}
|
726 | }
|
727 | },
|
728 |
|
729 |
|
730 | "DWR" : {
|
731 | "vulnerabilities" : [
|
732 | {
|
733 | "below" : "1.1.4",
|
734 | "severity": "high",
|
735 | "identifiers": { "CVE" : "CVE-2007-01-09" },
|
736 | "info" : [ "http://www.cvedetails.com/cve/CVE-2014-5326/", "http://www.cvedetails.com/cve/CVE-2014-5326/" ]
|
737 | },
|
738 | {
|
739 | "below" : "2.0.11",
|
740 | "severity": "medium",
|
741 | "identifiers": { "CVE" : ["CVE-2014-5326", "CVE-2014-5325"] },
|
742 | "info" : [ "http://www.cvedetails.com/cve/CVE-2014-5326/", "http://www.cvedetails.com/cve/CVE-2014-5326/" ]
|
743 | },
|
744 | {
|
745 | "above" : "3",
|
746 | "below" : "3.0.RC3",
|
747 | "severity": "medium",
|
748 | "identifiers": { "CVE" : ["CVE-2014-5326", "CVE-2014-5325"] },
|
749 | "info" : [ "http://www.cvedetails.com/cve/CVE-2014-5326/", "http://www.cvedetails.com/cve/CVE-2014-5326/" ]
|
750 | }
|
751 | ],
|
752 | "extractors" : {
|
753 | "func" : [ "dwr.version" ],
|
754 | "filecontent" : [
|
755 | " dwr-§§version§§.jar"
|
756 | ]
|
757 | }
|
758 | },
|
759 |
|
760 | "dont check" : {
|
761 | "extractors" : {
|
762 | "uri" : [
|
763 | "^http[s]?://(ssl|www).google-analytics.com/ga.js",
|
764 | "^http[s]?://apis.google.com/js/plusone.js",
|
765 | "^http[s]?://cdn.cxense.com/cx.js"
|
766 | ]
|
767 | }
|
768 | }
|
769 | }
|