Scantist CSA: Curated Security Advisory (12 Aug 2021)


Scantist Admin


Data was crawled between 5 and 11 Aug 2021.

Java

| Affected Library [1] | # of CVEs [2] | Highest CVE Score [3] | Affected Versions [4] |
|---|---|---|---|
| org.cloudfoundry.identity:cloudfoundry-identity-server | 9 | 9.8 | <2.7.4.8, 3.0.0 – 3.16.0 |
| org.eclipse.jetty:jetty-project | 5 | 7.5 | <=11.0.2, 11.0.3 – 11.0.5 |
| org.cloudfoundry.identity:cloudfoundry-identity-uaa | 4 | 8.8 | <=4.2.0 |
| org.cloudfoundry.identity:cloudfoundry-identity-common | 3 | 8.8 | 2.2.4 – 2.2.6, 2.4.1 – 2.7.4.9, 3.0.0 – 3.6.11 |
| org.mortbay.jetty:jetty | 2 | 6.1 | 7.0 – 9.0, 9.0.1 – 9.2.27, 9.3.0 – 9.3.26, 9.4.0 – 9.4.16 |
| org.neo4j:neo4j | 2 | 8.8 | <=3.4.18, 4.2.0 – 4.2.7 |
| org.apache.tomcat:tomcat | 2 | 6.5 | 8.5.0 – 8.5.66, 9.0.0.M1 – 9.0.46, 10.0.0-M1 – 10.0.6 |
| org.hibernate:hibernate-validator | 1 | 6.1 | <6.1.0.Final |
| org.jboss.remoting:jboss-remoting | 1 | 5.9 | <5.0.20.Final |
| org.jolokia:jolokia | 1 | 8.8 | 1.2.0 – 1.6.0 |
| org.jolokia:jolokia-core | 1 | 8.8 | 1.2.0 – 1.6.0 |
| com.google.guava:guava | 1 | 5.9 | 11.0 – 24.1.0 |
| org.mule.runtime:mule | 1 | 0* | 3.0 – 5.0 |
| org.hibernate.validator:hibernate-validator | 1 | 6.1 | <6.1.0.Final |
| org.slf4j:slf4j-ext | 1 | 9.8 | <1.7.26, 1.8.0-alpha1 – 1.8.0-beta2 |
| org.webjars.bower:jquery-ui | 1 | 6.1 | <=1.11.4 |
| org.webjars.bower:video.js | 1 | 6.1 | <=7.7.1 |
| org.webjars.npm:jquery-ui | 1 | 6.1 | <1.12.0 |
| org.webjars.npm:video.js | 1 | 6.1 | <=7.14.1 |
| org.webjars:jquery-ui | 1 | 6.1 | <1.12.0 |
| org.hibernate:hibernate-core | 1 | 6.5 | <5.3.18, 5.4.0 – 5.4.17 |
| org.eclipse.jetty:jetty-webapp | 1 | 7 | <=9.4.32.v20200930, 10.0.0 – 10.0.0.beta2, 11.0.0 – 11.0.0.beta2 |
| org.glassfish:jakarta.faces | 1 | 6.5 | <2.3.14 |
| org.elasticsearch:elasticsearch | 1 | 6.5 | <7.13.3 |
| commons-io:commons-io | 1 | 5.3 | <2.7 |
| org.eclipse.jetty:jetty-servlets | 1 | 5.3 | <=9.4.40.v20210413, 10.0.0 – 10.0.2, 11.0.0 – 11.0.2 |
| org.eclipse.jetty:jetty-server | 1 | 5.3 | 9.4.6.v20170531 – 9.4.36.v20210114, 10.0.0, 11.0.0 |
| org.cloudfoundry.identity:cloudfoundry-identity-scim | 1 | 8.8 | 2.4.1 – 2.7.4.9 |
| org.apache.maven:maven-core | 1 | 9.1 | < 3.8.1 |
| org.apache.directory.studio:org.apache.directory.studio.parent | 1 | 7.8 | <2.0.0.v20151221-M10 |
| org.apache.directory.studio:org.apache.directory.studio.ldapbrowser.core | 1 | 7.8 | <2.0.0.v20151221-M10 |
| org.apache.directory.studio:ldapbrowser.core | 1 | 7.8 | <2.0.0-M10 |
| org.apache.commons:commons-compress | 1 | 7.5 | <=1.20 |
| io.vertx:vertx-web | 1 | 9.8 | 3.4.0 – 3.9.4, 4.0.0.Beta1 – 4.0.0-milestone5 |
| io.netty:netty-codec-http2 | 1 | 5.9 | <4.1.60.Final |
| org.wildfly.security:wildfly-elytron | 1 | 0* | <1.16.1.Final |


JavaScript

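| Affected Library [1] | # of CVEs [2] | Highest CVE Score [3] | Affected Versions [4] |
|---|---|---|---|
| tar | 2 | 0* | < 3.2.3, 4.0.0 – 4.4.14, 5.0.0 – 5.0.6, 6.0.0 – 6.1.1 |
| deepmergefn | 1 | 9.8 | <=1.1.0 |
| isomorphic-git | 1 | 5.3 | <1.8.2 |
| joplin | 1 | 6.1 | <2.1.1 |
| jquery-ui | 1 | 6.1 | <1.12.0 |
| open-graph | 1 | 0* | <0.2.6 |
| url-parse | 1 | 5.3 | <1.5.2 |
| video.js | 1 | 6.1 | <7.14.3 |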


Python

| Affected Library [1] | # of CVEs [2] | Highest CVE Score [3] | Affected Versions [4] |
|---|---|---|---|
| ansible | 25 | 9.8 | <=2.9.7, 2.9.8 – 2.9.18, 2.10 |
| ovs | 3 | 7.5 | 2.7.0 – 2.7.6 |
| octavia | 2 | 8 | <0.9.0, 2.0.0 – 2.0.2-5, 3.0.0 – 3.0.1-0.20181009115732 |
| neutron | 2 | 6.5 | <=10.0.7, 11.0 – 11.0.6, 12.0 – 12.0.5, 13.0 – 13.0.2 |
| keystone | 2 | 5.3 | <16.0.2, 17.0.0, 18.0.0, 19.0.0 |
| charm_crypto | 2 | 6.5 | 0.43 |
| jupyterlab | 1 | 0* | < 3.1.4 |
| redhat:openstack | 1 | 7.5 | 12.0, 13.0, 14.0 |
| notebook | 1 | 0* | <6.4.1 |
| ironic_inspector | 1 | 9.1 | 5.0.0 – 5.0.1, 6.0.0 – 6.0.2, 6.1.0 – 7.2.3, 8.0.0 – 8.0.2, 8.1.0 – 8.2.0 |
| horizon | 1 | 5.4 | <=8.0.1, 9.0.0 – 9.0.1 |
| glances | 1 | 9.8 | < 3.2.1 |
| flask_appbuilder | 1 | 5.3 | <=3.2.3 |
| ecdsa | 1 | 9.1 | <0.14 |
| django | 1 | 9.8 | 3.1 – 3.1.12, 3.2 – 3.2.4 |
| cryptography | 1 | 7.5 | 1.9.0 – 2.3 |
| yamale | 1 | 0* | < 3.0.8 |


[1] Affected Library refers to the open source library that contains newly disclosed CVEs.

[2] # of CVEs refers to the number of newly disclosed CVEs over the past week.

[3] Highest CVE Score refers to the highest CVSS score among the newly disclosed CVEs over the past week. Those omitted in dashes are yet to be determined by MITRE and NVD.

[4] Affected Versions refers to the versions of the affected library that contain the newly disclosed CVEs.



Affected libraries may also exist in your transitive dependencies.
