Several CVE vulnerabilities in JsPolicy 0.2.2 #130
Comments
jaredhancock31
changed the title
jaredhancock31
changed the title
|
Any updates on this? It looks like the number of vulnerabilities is continuing to increase |
|
Could anyone describe the status of the project? Published chart doesn't work in kubernetes 1.25+, vulnerabilities not fixed etc. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As part of our image scanning we found that the latest JsPolicy (0.2.2) has several unaddressed CVEs
CVE ID: CVE-2023-26604,CVE-2023-50387
Vulnerabilities in libudev1
CVE-2023-42282 (MITRE NIST) Server-Side Request Forgery (SSRF) Vulnerability in ip 2.0.0
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
CVE-2022-37434 (MITRE NIST) Out-of-bounds Write Vulnerability in zlib 1.2.11
CVE-2023-45853 (MITRE NIST) Integer Overflow or Wraparound Vulnerability in zlib 1.2.11
CVE-2021-4279 (MITRE NIST) Vulnerability in jsonpatch 2.2.0
CVE-2023-28154 (MITRE NIST) Vulnerability in webpack 5.75.0
The text was updated successfully, but these errors were encountered: