1{
2 "retire-example": {
3 "vulnerabilities" : [
4 { "below" : "0.0.2", "info" : [ "http://github.com/eoftedal/retire.js/" ] }
5 ],
6 "extractors" : {
7 "func" : [ "retire.VERSION" ],
8 "filename" : [ "retire-example-(§§version§§)(.min)?\\.js" ],
9 "filecontent" : [ "/\\*!? Retire-example v(§§version§§)" ],
10 "hashes" : { "07f8b94c8d601a24a1914a1a92bec0e4fafda964" : "0.0.1" }
11 }
12 },
13
14 "jquery": {
15 "vulnerabilities" : [
16 {
17 "below" : "1.6.3",
18 "severity": "medium",
19 "identifiers": { "CVE": "CVE-2011-4969" },
20 "info" : [ "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969" , "http://research.insecurelabs.org/jquery/test/" ]
21 },
22 {
23 "below" : "1.9.0b1",
24 "identifiers": {
25 "bug": "11290",
26 "summary": "Selector interpreted as HTML"
27 },
28 "severity": "medium",
29 "info" : [ "http://bugs.jquery.com/ticket/11290" , "http://research.insecurelabs.org/jquery/test/" ]}
30 ],
31 "extractors" : {
32 "func" : [ "jQuery.fn.jquery" ],
33 "uri" : [ "/(§§version§§)/jquery(\\.min)?\\.js" ],
34 "filename" : [ "jquery-(§§version§§)(\\.min)?\\.js" ],
35 "filecontent" : [
36 "/\\*!? jQuery v(§§version§§)", "\\* jQuery JavaScript Library v(§§version§§)",
37 "\\* jQuery (§§version§§) - New Wave Javascript", "// \\$Id: jquery.js,v (§§version§§)",
38 "/\\*! jQuery v(§§version§§)", "[^a-z]f=\"(§§version§§)\",.*[^a-z]jquery:f,",
39 "[^a-z]jquery:[ ]?\"(§§version§§)\""
40 ],
41 "hashes" : {}
42 }
43 },
44 "jquery-migrate" : {
45 "vulnerabilities" : [
46 {
47 "below" : "1.2.0",
48 "severity": "medium",
49 "identifiers": {
50 "release": "jQuery Migrate 1.2.0 Released",
51 "summary": "cross-site-scripting"
52 },
53 "info" : [ "http://blog.jquery.com/2013/05/01/jquery-migrate-1-2-0-released/" ]
54 },
55 {
56 "below" : "1.2.2",
57 "severity": "medium",
58 "identifiers": {
59 "bug": "11290",
60 "summary": "Selector interpreted as HTML"
61 },
62 "info" : [ "http://bugs.jquery.com/ticket/11290" , "http://research.insecurelabs.org/jquery/test/" ]
63 }
64 ],
65 "extractors" : {
66 "filename" : [ "jquery-migrate-(§§version§§)(.min)?\\.js" ],
67 "filecontent" : [ "/\\*!?(?:\n \\*)? jQuery Migrate(?: -)? v(§§version§§)" ],
68 "hashes" : {}
69 }
70 },
71 "jquery-mobile" : {
72 "vulnerabilities" : [
73 {
74 "below" : "1.0RC2",
75 "severity": "high",
76 "identifiers": {"osvdb": ["94563", "93562", "94316", "94561", "94560"]},
77 "info" : [ "http://osvdb.org/show/osvdb/94563", "http://osvdb.org/show/osvdb/94562", "http://osvdb.org/show/osvdb/94316", "http://osvdb.org/show/osvdb/94561", "http://osvdb.org/show/osvdb/94560" ]
78 },
79 {
80 "below" : "1.0.1",
81 "severity": "high",
82 "identifiers": {"osvdb": "94317"},
83 "info": [ "http://osvdb.org/show/osvdb/94317" ]
84 },
85 {
86 "below" : "1.1.2",
87 "severity": "medium",
88 "identifiers": {
89 "issue": "4787",
90 "release": "http://jquerymobile.com/changelog/1.1.2/",
91 "summary": "location.href cross-site scripting"
92 },
93 "info": [ "http://jquerymobile.com/changelog/1.1.2/", "https://github.com/jquery/jquery-mobile/issues/4787" ]
94 },
95 {
96 "below" : "1.2.0",
97 "severity": "medium",
98 "identifiers": {
99 "issue": "4787",
100 "release": "http://jquerymobile.com/changelog/1.2.0/",
101 "summary": "location.href cross-site scripting"
102 },
103 "info": [ "http://jquerymobile.com/changelog/1.2.0/", "https://github.com/jquery/jquery-mobile/issues/4787" ]
104 }
105 ],
106 "extractors" : {
107 "func" : [ "jQuery.mobile.version" ],
108 "filename" : [ "jquery.mobile-(§§version§§)(.min)?\\.js" ],
109 "uri" : [ "/(§§version§§)/jquery.mobile(\\.min)?\\.js" ],
110 "filecontent" : [ "/\\*!?(?:\n \\*)? jQuery Mobile(?: -)? v(§§version§§)" ],
111 "hashes" : {}
112 }
113 },
114 "jquery-ui-dialog" : {
115 "vulnerabilities" : [
116 {
117 "atOrAbove": "1.8.9",
118 "below" : "1.10.0",
119 "severity": "medium",
120 "identifiers": {
121 "bug": "6016",
122 "summary": "Title cross-site scripting vulnerability"
123 },
124 "info" : [ "http://bugs.jqueryui.com/ticket/6016" ]
125 }
126 ],
127 "extractors" : {
128 "func" : [ "jQuery.ui.dialog.version" ],
129 "filecontent" : [
130 "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}.*jquery\\.ui\\.dialog\\.js",
131 "/\\*!?[\n *]+jQuery UI (§§version§§)(.*\n)*.*\\.ui\\.dialog",
132 "/\\*!?[\n *]+jQuery UI Dialog (§§version§§)"
133 ],
134 "hashes" : {}
135 }
136 },
137 "jquery-ui-autocomplete" : {
138 "vulnerabilities" : [ ],
139 "extractors" : {
140 "func" : [ "jQuery.ui.autocomplete.version" ],
141 "filecontent" : [
142 "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}.*jquery\\.ui\\.autocomplete\\.js",
143 "/\\*!?[\n *]+jQuery UI (§§version§§)(.*\n)*.*\\.ui\\.autocomplete",
144 "/\\*!?[\n *]+jQuery UI Autocomplete (§§version§§)"
145 ],
146 "hashes" : {}
147 }
148 },
149 "jquery-ui-tooltip" : {
150 "vulnerabilities" : [
151 {
152 "atOrAbove": "1.9.2",
153 "below" : "1.10.0",
154 "severity": "high",
155 "identifiers": {
156 "bug": "8859",
157 "summary": "Autocomplete cross-site scripting vulnerability"
158 },
159 "info" : [ "http://bugs.jqueryui.com/ticket/8859" ]
160 }
161 ],
162 "extractors" : {
163 "func" : [ "jQuery.ui.tooltip.version" ],
164 "filecontent" : [
165 "/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}.*jquery\\.ui\\.tooltip\\.js",
166 "/\\*!?[\n *]+jQuery UI (§§version§§)(.*\n)*.*\\.ui\\.tooltip",
167 "/\\*!?[\n *]+jQuery UI Tooltip (§§version§§)"
168 ],
169 "hashes" : {}
170 }
171 },
172 "jquery.prettyPhoto" : {
173 "vulnerabilities" : [
174 {
175 "below" : "3.1.5",
176 "severity": "high",
177 "identifiers": {"CVE": "CVE-2013-6837"},
178 "info" : [ "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6837&cid=3" ]
179 }
180 ],
181 "extractors" : {
182 "func" : [ "jQuery.prettyPhoto.version" ],
183 "filecontent" : [
184 "/\\*(?:.*[\n\r]+){1,3}.*Class: prettyPhoto(?:.*[\n\r]+){1,3}.*Version: (§§version§§)",
185 "\\.prettyPhoto[ ]?=[ ]?\\{version:[ ]?(?:'|\")(§§version§§)(?:'|\")\\}"
186 ],
187 "hashes" : {}
188 }
189 },
190 "jPlayer" : {
191 "vulnerabilities" : [
192 {
193 "below" : "2.4.0",
194 "severity": "high",
195 "identifiers": {"CVE": "CVE-2013-2023"},
196 "info" : [ "http://jplayer.org/latest/release-notes/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2023" ]
197 },
198 {
199 "below" : "2.3.0",
200 "severity": "high",
201 "identifiers": {"CVE": ["CVE-2013-1942", "CVE-2013-2022"]},
202 "info" : [ "http://jplayer.org/latest/release-notes/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1942", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2022" ]
203 },
204 {
205 "below" : "2.2.0",
206 "severity": "high",
207 "identifiers": {
208 "release": "2.2.0",
209 "summary": "Flash SWF vulnerability"
210 },
211 "info" : [ "http://jplayer.org/latest/release-notes/" ]
212 }
213 ],
214 "extractors" : {
215 "func" : [ "new jQuery.jPlayer().version.script" ],
216 "filecontent" : [
217 "/\\*(?:.*[\n\r]+){1,3}.*jPlayer Plugin for jQuery(?:.*[\n\r]+){1,10}.*Version: (§§version§§)"
218 ],
219 "hashes" : {}
220 }
221 },
222 "sessvars": {
223 "vulnerabilities" : [
224 {
225 "below" : "1.01",
226 "severity": "low",
227 "identifiers": {"summary": "Unsanitized data passed to eval()"},
228 "info" : [ "http://www.thomasfrank.se/sessionvars.html" ]
229 }
230 ],
231 "extractors" : {
232 "filename" : [ "sessvars-(§§version§§)(.min)?\\.js"],
233 "filecontent" : [ "sessvars ver (§§version§§)"],
234 "hashes" : {}
235 }
236 },
237 "YUI" : {
238 "vulnerabilities" : [
239 {
240 "atOrAbove" : "3.5.0" ,
241 "below" : "3.9.2",
242 "severity": "high",
243 "identifiers": {"CVE": "CVE-2013-4942"},
244 "info" : [ "http://www.cvedetails.com/cve/CVE-2013-4942/" ]
245 },
246 {
247 "atOrAbove" : "3.2.0" ,
248 "below" : "3.9.2",
249 "severity": "high",
250 "identifiers": {"CVE": "CVE-2013-4941"},
251 "info" : [ "http://www.cvedetails.com/cve/CVE-2013-4941/" ]
252 },
253 {
254 "below" : "3.10.3",
255 "severity": "high",
256 "identifiers": {"CVE": "CVE-2013-4940"},
257 "info" : [ "http://www.cvedetails.com/cve/CVE-2013-4940/" ]
258 },
259 {
260 "atOrAbove" : "3.0.0" ,
261 "below" : "3.9.2",
262 "severity": "high",
263 "identifiers": {"CVE": "CVE-2013-4939"},
264 "info" : [ "http://www.cvedetails.com/cve/CVE-2013-4939/" ]
265 },
266 {
267 "atOrAbove" : "2.8.0" ,
268 "below" : "2.9.1",
269 "severity": "high",
270 "identifiers": {"CVE": "CVE-2012-5883"},
271 "info" : [ "http://www.cvedetails.com/cve/CVE-2012-5883/" ]
272 },
273 {
274 "atOrAbove" : "2.5.0" ,
275 "below" : "2.9.1",
276 "severity": "high",
277 "identifiers": {"CVE": "CVE-2012-5882"},
278 "info" : [ "http://www.cvedetails.com/cve/CVE-2012-5882/" ]
279 },
280 {
281 "atOrAbove" : "2.4.0" ,
282 "below" : "2.9.1",
283 "severity": "high",
284 "identifiers": {"CVE": "CVE-2012-5881"},
285 "info" : [ "http://www.cvedetails.com/cve/CVE-2012-5881/" ]
286 },
287 {
288 "below" : "2.9.0",
289 "severity": "medium",
290 "identifiers": {"CVE": "CVE-2010-4710"},
291 "info" : [ "http://www.cvedetails.com/cve/CVE-2010-4710/" ]
292 },
293 {
294 "atOrAbove" : "2.8.0" ,
295 "below" : "2.8.2",
296 "severity": "high",
297 "identifiers": {"CVE": "CVE-2010-4209"},
298 "info" : [ "http://www.cvedetails.com/cve/CVE-2010-4209/" ]
299 },
300 {
301 "atOrAbove" : "2.5.0" ,
302 "below" : "2.8.2",
303 "severity": "high",
304 "identifiers": {"CVE": "CVE-2010-4208"},
305 "info" : [ "http://www.cvedetails.com/cve/CVE-2010-4208/" ]
306 },
307 {
308 "atOrAbove" : "2.4.0" ,
309 "below" : "2.8.2",
310 "severity": "high",
311 "identifiers": {"CVE": "CVE-2010-4207"},
312 "info" : [ "http://www.cvedetails.com/cve/CVE-2010-4207/" ]
313 }
314 ],
315 "extractors" : {
316 "func" : [ "YUI.Version" ],
317 "filename" : [ "yui-(§§version§§)(.min)?\\.js"],
318 "filecontent" : [ "YUI (§§version§§)", "/yui/license.(?:html|txt)\nversion: (§§version§§)"],
319 "hashes" : {}
320 }
321 },
322 "prototypejs" : {
323 "vulnerabilities" : [
324 {
325 "atOrAbove" : "1.6.0",
326 "below" : "1.6.0.2",
327 "severity": "high",
328 "identifiers": {"CVE": "CVE-2008-7220"},
329 "info" : [ "http://www.cvedetails.com/cve/CVE-2008-7220/" ] },
330 {
331 "below" : "1.5.1.2",
332 "severity": "high",
333 "identifiers": {"CVE": "CVE-2008-7220"},
334 "info" : [ "http://www.cvedetails.com/cve/CVE-2008-7220/" ] }
335 ],
336 "extractors" : {
337 "func" : [ "Prototype.Version" ],
338 "uri" : [ "/(§§version§§)/prototype(\\.min)?\\.js" ],
339 "filename" : [ "prototype-(§§version§§)(.min)?\\.js" ],
340 "filecontent" : [ "Prototype JavaScript framework, version (§§version§§)",
341 "Prototype[ ]?=[ ]?\\{[ \r\n\t]*Version:[ ]?(?:'|\")(§§version§§)(?:'|\")" ],
342 "hashes" : {}
343 }
344 },
345 "ember" : {
346 "vulnerabilities" : [
347 {
348 "atOrAbove" : "1.3.0-*",
349 "below" : "1.3.2",
350 "severity": "medium",
351 "identifiers": {"CVE": "CVE-2014-0046"},
352 "info" : [ "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ" ]
353 },
354 {
355 "atOrAbove" : "1.2.0-*",
356 "below" : "1.2.2",
357 "severity": "medium",
358 "identifiers": {"CVE": "CVE-2014-0046"},
359 "info" : [ "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ" ] },
360 {
361 "atOrAbove" : "1.4.0-*",
362 "below" : "1.4.0-beta.2",
363 "severity": "high",
364 "identifiers": {"CVE": ["CVE-2014-0013", "CVE-2014-0014"]},
365 "info" : [ "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4", "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4" ]
366 },
367 {
368 "atOrAbove" : "1.3.0-*",
369 "below" : "1.3.1",
370 "severity": "high",
371 "identifiers": {"CVE": ["CVE-2014-0013", "CVE-2014-0014"]},
372 "info" : [ "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4", "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4" ]
373 },
374 {
375 "atOrAbove" : "1.2.0-*",
376 "below" : "1.2.1",
377 "severity": "high",
378 "identifiers": {"CVE": ["CVE-2014-0013", "CVE-2014-0014"]},
379 "info" : [ "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4", "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4" ]
380 },
381 {
382 "atOrAbove" : "1.1.0-*",
383 "below" : "1.1.3",
384 "severity": "high",
385 "identifiers": {"CVE": ["CVE-2014-0013", "CVE-2014-0014"]},
386 "info" : [ "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4", "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4" ]
387 },
388 {
389 "atOrAbove" : "1.0.0-*",
390 "below" : "1.0.1",
391 "severity": "high",
392 "identifiers": {"CVE": ["CVE-2014-0013", "CVE-2014-0014"]},
393 "info" : [ "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4", "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4" ]
394 },
395 {
396 "atOrAbove" : "1.0.0-rc.1",
397 "below" : "1.0.0-rc.1.1",
398 "severity": "medium",
399 "identifiers": {"CVE": "CVE-2013-4170"},
400 "info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ]
401 },
402 {
403 "atOrAbove" : "1.0.0-rc.2",
404 "below" : "1.0.0-rc.2.1",
405 "severity": "medium",
406 "identifiers": {"CVE": "CVE-2013-4170"},
407 "info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ]
408 },
409 {
410 "atOrAbove" : "1.0.0-rc.3",
411 "below" : "1.0.0-rc.3.1",
412 "severity": "medium",
413 "identifiers": {"CVE": "CVE-2013-4170"},
414 "info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ]
415 },
416 {
417 "atOrAbove" : "1.0.0-rc.4",
418 "below" : "1.0.0-rc.4.1",
419 "severity": "medium",
420 "identifiers": {"CVE": "CVE-2013-4170"},
421 "info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ]
422 },
423 {
424 "atOrAbove" : "1.0.0-rc.5",
425 "below" : "1.0.0-rc.5.1",
426 "severity": "medium",
427 "identifiers": {"CVE": "CVE-2013-4170"},
428 "info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ]
429 },
430 {
431 "atOrAbove" : "1.0.0-rc.6",
432 "below" : "1.0.0-rc.6.1",
433 "severity": "medium",
434 "identifiers": {"CVE": "CVE-2013-4170"},
435 "info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ]
436 },
437 {
438 "below" : "0.9.7.1",
439 "info" : [ "https://github.com/emberjs/ember.js/blob/master/CHANGELOG" ]
440 },
441 {
442 "below" : "0.9.7",
443 "severity": "high",
444 "identifiers": {
445 "bug": "699",
446 "summary": "Bound attributes aren't escaped properly"
447 },
448 "info" : [ "https://github.com/emberjs/ember.js/issues/699" ]
449 }
450 ],
451 "extractors" : {
452 "func" : [ "Ember.VERSION" ],
453 "uri" : [ "/(?:v)?(§§version§§)/ember(\\.min)?\\.js" ],
454 "filename" : [ "ember-(§§version§§)(\\.min)?\\.js" ],
455 "filecontent" : [
456 "Project: Ember -(?:.*\n){9,11}// Version: v(§§version§§)",
457 "// Version: v(§§version§§)(.*\n){10,15}(Ember Debug|@module ember|@class ember)",
458 "Ember.VERSION[ ]?=[ ]?(?:'|\")(§§version§§)(?:'|\")"
459 ],
460 "hashes" : {}
461 }
462 },
463 "dojo" : {
464 "vulnerabilities" : [
465 {
466 "atOrAbove" : "0.4",
467 "below" : "0.4.4",
468 "severity": "high",
469 "identifiers": {"CVE": ["CVE-2010-2276", "CVE-2010-2272"]},
470 "info" : [ "http://dojotoolkit.org/blog/dojo-security-advisory", "http://www.cvedetails.com/cve/CVE-2010-2276/", "http://www.cvedetails.com/cve/CVE-2010-2272/" ]
471 },
472 {
473 "atOrAbove" : "1.0",
474 "below" : "1.0.3",
475 "severity": "high",
476 "identifiers": {"CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"]},
477 "info" : [ "http://dojotoolkit.org/blog/dojo-security-advisory", "http://www.cvedetails.com/cve/CVE-2010-2276/", "http://www.cvedetails.com/cve/CVE-2010-2274/", "http://www.cvedetails.com/cve/CVE-2010-2273/" ]
478 },
479 {
480 "atOrAbove" : "1.1",
481 "below" : "1.1.2",
482 "severity": "high",
483 "identifiers": {"CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"]},
484 "info" : [ "http://dojotoolkit.org/blog/dojo-security-advisory", "http://www.cvedetails.com/cve/CVE-2010-2276/", "http://www.cvedetails.com/cve/CVE-2010-2274/", "http://www.cvedetails.com/cve/CVE-2010-2273/" ]
485 },
486 {
487 "atOrAbove" : "1.2",
488 "below" : "1.2.4",
489 "severity": "high",
490 "identifiers": {"CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"]},
491 "info" : [ "http://dojotoolkit.org/blog/dojo-security-advisory", "http://www.cvedetails.com/cve/CVE-2010-2276/", "http://www.cvedetails.com/cve/CVE-2010-2274/", "http://www.cvedetails.com/cve/CVE-2010-2273/" ]
492 },
493 {
494 "atOrAbove" : "1.3",
495 "below" : "1.3.3",
496 "severity": "high",
497 "identifiers": {"CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"]},
498 "info" : [ "http://dojotoolkit.org/blog/dojo-security-advisory", "http://www.cvedetails.com/cve/CVE-2010-2276/", "http://www.cvedetails.com/cve/CVE-2010-2274/", "http://www.cvedetails.com/cve/CVE-2010-2273/" ]
499 },
500 {
501 "atOrAbove" : "1.4",
502 "below" : "1.4.2",
503 "severity": "high",
504 "identifiers": {"CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"]},
505 "info" : [ "http://dojotoolkit.org/blog/dojo-security-advisory", "http://www.cvedetails.com/cve/CVE-2010-2276/", "http://www.cvedetails.com/cve/CVE-2010-2274/", "http://www.cvedetails.com/cve/CVE-2010-2273/" ]
506 },
507 {
508 "below" : "1.4.2",
509 "severity": "medium",
510 "identifiers": {"CVE": "CVE-2010-2275"},
511 "info" : [ "http://www.cvedetails.com/cve/CVE-2010-2275/"]
512 },
513 {
514 "below" : "1.1",
515 "severity": "medium",
516 "identifiers": {"CVE": "CVE-2008-6681"},
517 "info" : [ "http://www.cvedetails.com/cve/CVE-2008-6681/"]
518 }
519
520
521 ],
522 "extractors" : {
523 "func" : [ "dojo.version.toString()" ],
524 "uri" : [ "/(?:dojo-)?(§§version§§)/dojo(\\.min)?\\.js" ],
525 "filename" : [ "dojo-(§§version§§)(\\.min)?\\.js" ],
526 "filecontentreplace" : [ "/dojo.version=\\{major:([0-9]+),minor:([0-9]+),patch:([0-9]+)/$1.$2.$3/"],
527 "hashes" : {
528 "73cdd262799aab850abbe694cd3bfb709ea23627" : "1.4.1",
529 "c8c84eddc732c3cbf370764836a7712f3f873326" : "1.4.0",
530 "d569ce9efb7edaedaec8ca9491aab0c656f7c8f0" : "1.0.0",
531 "ad44e1770895b7fa84aff5a56a0f99b855a83769" : "1.3.2",
532 "8fc10142a06966a8709cd9b8732f7b6db88d0c34" : "1.3.1",
533 "a09b5851a0a3e9d81353745a4663741238ee1b84" : "1.3.0",
534 "2ab48d45abe2f54cdda6ca32193b5ceb2b1bc25d" : "1.2.3",
535 "12208a1e649402e362f528f6aae2c614fc697f8f" : "1.2.0",
536 "72a6a9fbef9fa5a73cd47e49942199147f905206" : "1.1.1"
537 }
538
539 }
540 },
541 "angularjs" : {
542 "vulnerabilities" : [
543 {
544 "below" : "1.2.0",
545 "severity": "high",
546 "identifiers": {
547 "summary": [
548 "execution of arbitrary javascript",
549 "sandboxing fails",
550 "possible cross-site scripting vulnerabilities"
551 ]
552 },
553 "info" : [ "https://code.google.com/p/mustache-security/wiki/AngularJS" ]
554 },
555 {
556 "below" : "1.2.19",
557 "severity": "medium",
558 "identifiers": {
559 "release": "1.3.0-beta.14",
560 "summary": "execution of arbitrary javascript"
561 },
562 "info" : [ "https://github.com/angular/angular.js/blob/b3b5015cb7919708ce179dc3d6f0d7d7f43ef621/CHANGELOG.md" ]
563 },
564 {
565 "below" : "1.2.24",
566 "severity": "medium",
567 "identifiers": {
568 "commit": "b39e1d47b9a1b39a9fe34c847a81f589fba522f8",
569 "summary": "execution of arbitrary javascript"
570 },
571 "info" : [ "http://avlidienbrunn.se/angular.txt", "https://github.com/angular/angular.js/commit/b39e1d47b9a1b39a9fe34c847a81f589fba522f8"]
572 },
573 {
574 "atOrAbove" : "1.3.0-beta.1",
575 "below" : "1.3.0-beta.14",
576 "severity": "medium",
577 "identifiers": {
578 "commit": "b39e1d47b9a1b39a9fe34c847a81f589fba522f8",
579 "summary": "execution of arbitrary javascript"
580 },
581 "info" : [ "https://github.com/angular/angular.js/blob/b3b5015cb7919708ce179dc3d6f0d7d7f43ef621/CHANGELOG.md" ]
582 },
583 {
584 "atOrAbove" : "1.3.0-beta.1",
585 "below" : "1.3.0-rc.1",
586 "severity": "medium",
587 "identifiers": {
588 "commit": "b39e1d47b9a1b39a9fe34c847a81f589fba522f8",
589 "summary": "execution of arbitrary javascript"
590 },
591 "info" : [ "http://avlidienbrunn.se/angular.txt", "https://github.com/angular/angular.js/commit/b39e1d47b9a1b39a9fe34c847a81f589fba522f8"]
592 }
593
594 ],
595 "extractors" : {
596 "func" : [ "angular.version.full" ],
597 "uri" : [ "/(§§version§§)/angular(\\.min)?\\.js" ],
598 "filename" : [ "angular(?:js)?-(§§version§§)(.min)?\\.js" ],
599 "filecontent" : [ "/\\*[ \n]+AngularJS v(§§version§§)" ],
600 "hashes" : {}
601 }
602 },
603 "backbone.js" : {
604 "vulnerabilities" : [
605 {
606 "below" : "0.5.0",
607 "severity": "medium",
608 "identifiers": {
609 "release": "0.5.0",
610 "summary": "cross-site scripting vulnerability"
611 },
612 "info" : [ "http://backbonejs.org/#changelog" ]
613 }
614 ],
615 "extractors" : {
616 "func" : [ "Backbone.VERSION" ],
617 "uri" : [ "/(§§version§§)/backbone(\\.min)?\\.js" ],
618 "filename" : [ "backbone(?:js)?-(§§version§§)(.min)?\\.js" ],
619 "filecontent" : [ "//[ ]+Backbone.js (§§version§§)", "a=t.Backbone={}}a.VERSION=\"(§§version§§)\"" ],
620 "hashes" : {}
621 }
622 },
623 "mustache.js" : {
624 "vulnerabilities" : [
625 {
626 "below" : "0.3.1",
627 "severity": "high",
628 "identifiers": {
629 "bug": "112",
630 "summary": "execution of arbitrary javascript"
631 },
632 "info" : [ "https://github.com/janl/mustache.js/issues/112" ] } ],
633 "extractors" : {
634 "func" : [ "Mustache.version" ],
635 "uri" : [ "/(§§version§§)/mustache(\\.min)?\\.js" ],
636 "filename" : [ "mustache(?:js)?-(§§version§§)(.min)?\\.js" ],
637 "filecontent" : [ "name:\"mustache.js\",version:\"(§§version§§)\"",
638 "[^a-z]mustache.version[ ]?=[ ]?(?:'|\")(§§version§§)(?:'|\")",
639 "exports.name[ ]?=[ ]?\"mustache.js\";[\n ]*exports.version[ ]?=[ ]?(?:'|\")(§§version§§)(?:'|\");"
640 ],
641 "hashes" : {}
642 }
643 },
644 "handlebars.js" : {
645 "vulnerabilities" : [
646 {
647 "below" : "1.0.0.beta.3",
648 "severity": "medium",
649 "identifiers": {
650 "summary": "poorly sanitized input passed to eval()"
651 },
652 "info" : [ "https://github.com/wycats/handlebars.js/pull/68" ] } ],
653 "extractors" : {
654 "func" : [ "Handlebars.VERSION" ],
655 "uri" : [ "/(§§version§§)/handlebars(\\.min)?\\.js" ],
656 "filename" : [ "handlebars(?:js)?-(§§version§§)(.min)?\\.js" ],
657 "filecontent" : [ "Handlebars.VERSION = \"(§§version§§)\";", "Handlebars=\\{VERSION:(?:'|\")(§§version§§)(?:'|\")",
658 "this.Handlebars=\\{\\};[\n\r \t]+\\(function\\([a-z]\\)\\{[a-z].VERSION=(?:'|\")(§§version§§)(?:'|\")"
659 ],
660 "hashes" : {}
661 }
662 },
663 "easyXDM" : {
664 "vulnerabilities" : [
665 {
666 "below" : "2.4.18",
667 "severity": "high",
668 "identifiers": {"CVE": "CVE-2013-5212"},
669 "info" : [ "http://blog.kotowicz.net/2013/09/exploiting-easyxdm-part-1-not-usual.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5212" ]
670 },
671 {
672 "below" : "2.4.19",
673 "severity": "high",
674 "identifiers": {"CVE": "CVE-2014-1403"},
675 "info" : [ "http://blog.kotowicz.net/2014/01/xssing-with-shakespeare-name-calling.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1403" ]
676 }
677 ],
678 "extractors" : {
679 "uri" : [ "/(easyXDM-)?(§§version§§)/easyXDM(\\.min)?\\.js" ],
680 "filename" : [ "easyXDM-(§§version§§)(.min)?\\.js" ],
681 "filecontent" : [ " \\* easyXDM\n \\* http://easyxdm.net/(?:\r|\n|.)+version:\"(§§version§§)\"",
682 "@class easyXDM(?:.|\r|\n)+@version (§§version§§)(\r|\n)" ],
683 "hashes" : { "cf266e3bc2da372c4f0d6b2bd87bcbaa24d5a643" : "2.4.6"}
684 }
685 },
686
687 "plupload" : {
688 "vulnerabilities" : [
689 {
690 "below" : "1.5.4",
691 "severity": "high",
692 "identifiers": {"CVE": "CVE-2012-2401"},
693 "info" : [ "http://www.cvedetails.com/cve/CVE-2012-2401/" ]
694 },
695 {
696 "below" : "1.5.5",
697 "severity": "high",
698 "identifiers": {"CVE": "CVE-2013-0237"},
699 "info" : [ "http://www.cvedetails.com/cve/CVE-2013-0237/" ]
700 }
701 ],
702 "extractors" : {
703 "func" : [ "plupload.VERSION" ],
704 "uri" : [ "/(§§version§§)/plupload(\\.min)?\\.js" ],
705 "filename" : [ "plupload-(§§version§§)(.min)?\\.js" ],
706 "filecontent" : [ "\\* Plupload - multi-runtime File Uploader(\r|\n)+ \\* v§§version§§",
707 "var g=\\{VERSION:\"§§version§§\",.*;window.plupload=g\\}"
708 ],
709 "hashes" : {}
710 }
711 },
712
713 "DOMPurify" : {
714 "vulnerabilities" : [
715 {
716 "below" : "0.6.1",
717 "severity": "medium",
718 "identifiers": { },
719 "info" : [ "https://github.com/cure53/DOMPurify/releases/tag/0.6.1" ]
720 }
721 ],
722 "extractors" : {
723 "func" : [ "DOMPurify.version" ],
724 "filecontent" : [ "DOMPurify.version = '§§version§§';" ],
725 "hashes" : {}
726 }
727 },
728
729
730 "DWR" : {
731 "vulnerabilities" : [
732 {
733 "below" : "1.1.4",
734 "severity": "high",
735 "identifiers": { "CVE" : "CVE-2007-01-09" },
736 "info" : [ "http://www.cvedetails.com/cve/CVE-2014-5326/", "http://www.cvedetails.com/cve/CVE-2014-5326/" ]
737 },
738 {
739 "below" : "2.0.11",
740 "severity": "medium",
741 "identifiers": { "CVE" : ["CVE-2014-5326", "CVE-2014-5325"] },
742 "info" : [ "http://www.cvedetails.com/cve/CVE-2014-5326/", "http://www.cvedetails.com/cve/CVE-2014-5326/" ]
743 },
744 {
745 "above" : "3",
746 "below" : "3.0.RC3",
747 "severity": "medium",
748 "identifiers": { "CVE" : ["CVE-2014-5326", "CVE-2014-5325"] },
749 "info" : [ "http://www.cvedetails.com/cve/CVE-2014-5326/", "http://www.cvedetails.com/cve/CVE-2014-5326/" ]
750 }
751 ],
752 "extractors" : {
753 "func" : [ "dwr.version" ],
754 "filecontent" : [
755 " dwr-§§version§§.jar"
756 ]
757 }
758 },
759
760 "dont check" : {
761 "extractors" : {
762 "uri" : [
763 "^http[s]?://(ssl|www).google-analytics.com/ga.js",
764 "^http[s]?://apis.google.com/js/plusone.js",
765 "^http[s]?://cdn.cxense.com/cx.js"
766 ]
767 }
768 }
769}