Comments (1)
maurycupitt
commented on August 20, 2024
Example return when using the component identifier to get secondary expansion info
{"identifier":"CVE-2020-8910","vulnIds":["CVE-2020-8910"],"vulnerabilityLink":"http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8910","source":{"shortName":"CVE","longName":"National Vulnerability Database"},"mainSeverity":{"source":"cve_cvss_3","score":6.5,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},"severityScores":[{"source":"cve_cvss_2","score":4.3},{"source":"sonatype_cvss_3","score":6.5}],"weakness":{"cweSource":"CVE","cweIds":[{"id":"20","uri":"https://cwe.mitre.org/data/definitions/20.html"}]},"categories":["data"],"description":"A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.","explanationMarkdown":"The google-closure-librarypackage contains an Improper Input Validation vulnerability. Thesplitfunction inutils.jsdoes not properly parse out the authority in a given URI and returns the wrong authority. An attacker can exploit this with a malicious URI that when parsed will return an incorrect and malicious authority.","componentExplanationMarkdown":"","detectionMarkdown":"The application is vulnerable by using this component.","componentDetectionMarkdown":"","recommendationMarkdown":"We recommend upgrading to a version of this component that is not vulnerable to this specific issue.\n\nNote: If this component is included as a bundled/transitive dependency of another component, there may not be an upgrade path. In this instance, we recommend contacting the maintainers who included the vulnerable package. Alternatively, we recommend investigating alternative components or a potential mitigating control.","componentRecommendationMarkdown":"","rootCauses":[{"listOfPaths":["npm-force-resolutions-0.0.10.tgz","package/.cljs_node_repl/goog/uri/utils.js"],"versionRange":"( , 0.0-20201211-3e6c510d)"},{"listOfPaths":["npm-force-resolutions-0.0.10.tgz","package/out/goog/uri/utils.js"],"versionRange":"( , 0.0-20201211-3e6c510d)"},{"listOfPaths":["npm-force-resolutions-0.0.10.tgz","package/out/goog/uri/utils.js"],"versionRange":"( , 20200315.0.0)"},{"listOfPaths":["npm-force-resolutions-0.0.10.tgz","package/.cljs_node_repl/goog/uri/utils.js"],"versionRange":"( , 20200315.0.0)"}],"advisories":[{"referenceType":"THIRD_PARTY","url":"https://security-tracker.debian.org/tracker/CVE-2020-8910"}],"vulnerableVersionRanges":["[0.0.1,0.0.3]","[0.0.5,0.0.10]"],"researchType":"DEEP_DIVE","isAdvancedVulnerabilityDetection":true}⏎
from nexus-iq-chrome-extension.
Related Issues (20)
- bug: fix unique key violations in policy pages HOT 1
- bug: workflow for options page not right HOT 1
- BUG: URL fragments prevent correct identification of a package and version HOT 1
- [BUG] Favicon missing from options page HOT 1
- [BUG] Duplicate notifications when a package is not policy compliant HOT 2
- [BUG] Slow / Never loads remediation advice HOT 1
- [BUG] No alerts produced when there are no Security vulnerabilities, but Firewall policies are violated HOT 1
- [BUG] Extension is making multiple of the same calls to IQ Server HOT 1
- add support for Java - Maven new https://central.sonatype.com/ (that will replace search.maven.org) HOT 2
- [BREAKING] Replace `@sonatype/js-sona-types` HOT 2
- [BUG] 2.0.0 extension always throws error: `Uncaught (in promise`
- [IMPROVEMENT] Application Selector not visible when heading back to Extension Options (for IQ) HOT 1
- invalid DOM Nesting HOT 1
- cvss vector Explainer HOT 2
- [BUG] Page annotations for CocoaPods not working when there are Policy Violations [IQ]
- [FEATURE] Support for OSS Index in v2.x.x Release
- [BUG] Component Details call to IQ is not returning data HOT 5
- DEPRECATION NOTICE
- The automated release is failing 🚨
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nexus-iq-chrome-extension.