Scantist CSA: Curated Security Advisory (29 Jul 2021)

Scantist Admin

Scantist CSA: Curated Security Advisory (22 Jul 2021)

Data was crawled between 22 and 28 Jul 2021.

Java

| Affected Library ¹ | # of CVEs ² | Highest CVE Score ³ | Affected Versions ⁴ |
|---|---|---|---|
| com.fasterxml.jackson.core:jackson-databind | 26 | 9.8 | <2.9.10.8, 2.10.0 – 2.10.5.0 |
| com.thoughtworks.xstream:xstream | 13 | 9.9 | <=1.4.15 |
| org.apache.tomcat:tomcat | 7 | 7.5 | 7.0.0 – 7.0.107, 8.5.0 – 8.5.65, 9.0.0.M1 – 9.0.46, 10.0.0-M1 – 10.0.6 |
| org.apache.commons:commons-compress | 5 | 7.5 | <=1.20 |
| org.apache.pdfbox:pdfbox | 4 | 9.8 | <=2.0.23 |
| org.webjars:bootstrap | 4 | 6.1 | <3.4.1, 4.0.0 – 4.1.2, 4.3.0 |
| org.webjars.npm:bootstrap | 4 | 6.1 | <3.4.1, 4.0.0 – 4.1.2, 4.3.0 |
| org.eclipse.jetty:jetty-project | 3 | 7.5 | 7.2.2 – 9.4.42, 10.0.0.alpha0 – 10.0.5, 11.0.0.alpha0 – 11.0.5 |
| org.apache.activemq:apache-activemq | 2 | 9.8 | 4.0.0 – 5.11.3, 5.12.0 – 5.16.1 |
| org.apache.ant:ant | 2 | 7.5 | 1.1 – 1.9.14, 1.10.0 – 1.10.8 |
| org.webjars.npm:jquery | 2 | 6.1 | <=3.5.0 |
| org.apache.shiro:shiro-spring | 2 | 9.8 | <1.6.0, 1.7.0 |
| org.apache.shiro:shiro-core | 2 | 9.8 | <1.7.0 |
| io.netty:netty-codec-http2 | 2 | 5.9 | <4.1.61.Final |
| org.webjars.bower:bootstrap | 2 | 6.1 | <3.4.0, 4.0.0 – 4.1.1 |
| org.apache.spark:spark-core | 2 | 9.8 | <=2.4.5 |
| org.springframework:spring-core | 2 | 7.5 | 4.3.0 – 4.3.19, 4.2.0 – 4.2.8, 5.0.0 – 5.0.16, 5.1.0 – 5.1.12, 5.2.0 – 5.2.2 |
| org.apache.tomcat:tomcat-catalina | 2 | 7 | 7.0.0 – 7.0.107, 8.5.0 – 8.5.61, 9.0.0-m1 – 9.0.41, 10.0.0-M1 – 10.0.0 |
| org.apache.zookeeper:zookeeper | 2 | 7.5 | 1.0.0 – 3.4.13, 3.5.0 – 3.5.2 |
| org.eclipse.jetty:jetty-server | 2 | 9.8 | <=9.2.26.v20180806, 9.3.0 – 9.3.23, 9.4.0 – 9.4.10 |
| oracle:weblogic_server | 2 | 9.8 | 10.3.6.0, 12.1.3.0, 12.2.1.3 |
| org.webjars.bowergithub.twbs:bootstrap | 2 | 6.1 | <3.4.0, 4.0.0 – 4.1.1 |
| redhat:icedtea-web | 2 | 8.6 | <=1.7.2, 1.8.2 |
| apache:tomcat | 2 | 9.8 | 7.0.0 – 7.0.106, 8.5.0 – 8.5.59, 9.0.0.M1 – 9.0.39, 10.0.0-M1 – 10.0.0-M9 |
| org.webjars:jquery | 2 | 6.1 | 1.2.0 – 3.5.0 |
| org.webjars.bower:axios | 1 | 7.5 | <=0.18.0 |
| org.wso2.carbon.governance:org.wso2.carbon.governance.generic.ui | 1 | 9.1 | <4.8.18 |
| org.springframework:spring-websocket | 1 | 7.5 | 4.2.0.RELEASE – 4.2.8.RELEASE, 4.3.0.RELEASE – 4.3.19, 5.0.0.RELEASE – 5.0.9.RELEASE |
| org.webjars.bower:Chart.js | 1 | 7.5 | <2.9.4 |
| org.webjars.bower:angularjs | 1 | 7.5 | 1.4.0-beta.6 – 1.7.9 |
| org.wso2.carbon.governance:org.wso2.carbon.governance.generic | 1 | 9.1 | <4.8.17 |
| org.wso2.carbon.commons:org.wso2.carbon.tools.wsdlvalidator | 1 | 7.2 | <4.7.26 |
| org.springframework.ws:spring-ws | 1 | 9.8 | <=2.4.3.RELEASE, 3.0.0.RELEASE – 3.0.4.RELEASE |
| org.webjars.bower:casperjs | 1 | 9.8 | all versions |
| org.wso2.carbon.analytics-common:org.wso2.carbon.event.receiver.core | 1 | 6.5 | <5.2.24 |
| org.webjars.bower:dojo | 1 | 7.5 | <=1.13.0 |
| org.webjars.bower:github-com-angular-angular-js | 1 | 7.5 | 1.4.0-beta.6 – 1.7.9 |
| org.wso2.carbon.analytics-common:org.wso2.carbon.event.publisher.core | 1 | 6.5 | <5.2.24 |
| org.webjars.bower:handlebars | 1 | 9.8 | <=4.0.12 |
| org.springframework.ws:spring-xml | 1 | 9.8 | <=2.4.3.RELEASE, 3.0.0.RELEASE – 3.0.4.RELEASE |
| org.webjars.npm:y18n | 1 | 7.3 | <6.0.0-alpha.0 |
| pivotal_software:spring_framework | 1 | 6.5 | <=4.2.9, 4.3.0 – 4.3.28, 5.0.0 – 5.0.18, 5.1.0 – 5.1.17, 5.2.0 – 5.2.8 |
| org.webswing:webswing | 1 | 9.8 | <2.6.12, 20.0 |
| org.sonatype.nexus:nexus-parent | 1 | 8.8 | <3.21.2 |
| org.slf4j:slf4j-ext | 1 | 9.8 | <1.7.26, 1.8.0-alpha1, 1.8.0-alpha2, 1.8.0-beta1, 1.8.0-beta2 |
| org.quartz-scheduler:quartz-parent | 1 | 9.8 | <=2.3.0 |
| org.openidentityplatform.openam:openam | 1 | 0* | 14.6.3 |
| org.mule.runtime:mule | 1 | 7.5 | 4.0.0 – 4.3.0 |
| org.jszip.redist:bootstrap | 1 | 6.1 | 3.0.0 – 3.4.0, 4.0.0-beta – 4.0.0-beta.1 |
| org.fujion.webjars:lodash | 1 | 5.3 | <4.17.21 |
| org.elasticsearch:elasticsearch | 1 | 0* | <7.13.3 |
| org.eclipse.jetty:jetty-webapp | 1 | 7 | <=9.4.32.v20200930, 10.0.0 – 10.0.0.beta2, 11.0.0 – 11.0.0.beta2 |
| org.eclipse.jetty:jetty-util | 1 | 7.5 | 9.3.20.v20170531, 9.4.6.v20170531 |
| xalan:xalan | 1 | 7.5 | <=2.7.1 |
| org.eclipse.jetty:jetty-servlets | 1 | 5.3 | <=9.4.40.v20210413, 10.0.0 – 10.0.2, 11.0.0 – 11.0.2 |
| org.eclipse.jetty:jetty-security | 1 | 7.5 | 9.3.20.v20170531, 9.4.6.v20170531 |
| org.webjars.bower:jquery | 1 | 6.1 | 1.2.2 – 3.5.0 |
| org.webjars.bower:jquery-ui | 1 | 6.1 | <=1.11.4 |
| org.webjars.npm:ua-parser-js | 1 | 7.5 | all versions |
| org.webjars.npm:json-ptr | 1 | 7.3 | all versions |
| org.webjars.npm:dompurify | 1 | 6.1 | <2.0.17 |
| org.webjars.npm:handlebars | 1 | 9.8 | 1.3.0 – 4.2.2 |
| org.webjars.npm:jquery-ui | 1 | 6.1 | <1.12.0 |
| org.webjars:handlebars | 1 | 9.8 | 1.1.2 – 4.0.14 |
| org.webjars.npm:json-pointer | 1 | 6 | <=0.6.0 |
| org.webjars:angularjs | 1 | 7.5 | 1.4.0-beta.6 – 1.7.8 |
| org.webjars.npm:lodash | 1 | 5.3 | <4.17.21 |
| org.webjars.bower:lodash | 1 | 5.3 | <4.17.21 |
| org.webjars.npm:mixin-deep | 1 | 9.8 | <1.3.2 |
| org.webjars.npm:mxgraph | 1 | 6.1 | <=4.0.0 |
| org.webjars.npm:yargs-parser | 1 | 5.3 | <13.1.2, 15.0.0, 16.0.0 – 18.1.0 |
| org.webjars.npm:nodemailer | 1 | 9.8 | all versions |
| org.webjars.npm:safer-eval | 1 | 9.8 | all versions |
| org.webjars.npm:socket.io-parser | 1 | 7.5 | <3.4.1 |
| org.webjars.npm:dojo | 1 | 7.5 | <1.16.2 |
| org.webjars.npm:chart.js | 1 | 7.5 | <2.9.4 |
| org.webjars:jquery-ui | 1 | 6.1 | <1.12.0 |
| org.webjars.npm:axios | 1 | 7.5 | <=0.18.0 |
| org.webjars.npm:angular | 1 | 7.5 | 1.4.0-beta.6 – 1.7.9 |
| org.webjars:lodash | 1 | 5.3 | <=4.17.21 |
| org.webjars.npm:ajv | 1 | 5.6 | 6.12.2 |
| org.eclipse.jetty:jetty-jaspi | 1 | 7.5 | 9.3.20.v20170531, 9.4.6-20170531 |
| org.webjars.bowergithub.openpgpjs:openpgpjs | 1 | 5.9 | <=4.2.0 |
| org.webjars.bowergithub.lodash:lodash | 1 | 5.3 | <4.17.21 |
| org.webjars.bowergithub.jgraph:mxgraph | 1 | 6.1 | <=4.0.0 |
| org.webjars.bowergithub.faisalman:ua-parser-js | 1 | 7.5 | all versions |
| org.webjars.bowergithub.dojo:dojo | 1 | 7.5 | <=1.16.1 |
| org.webjars.bowergithub.chartjs:chart.js | 1 | 7.5 | <2.9.4 |
| org.webjars.bowergithub.axios:axios | 1 | 7.5 | <=0.18.0 |
| org.webjars.bower:thrift | 1 | 7.5 | <0.13.0 |
| org.webjars.bower:mxgraph | 1 | 6.1 | <=4.0.0 |
| alkacon:opencms | 1 | 4.3 | 10.5.4, 10.5.5 |
| org.apache.ws.security:wss4j | 1 | 8.8 | 2.3.1 |
| org.eclipse.jetty:jetty-client | 1 | 9.8 | <=9.2.26.v20180806, 9.3.0.M0 – 9.3.24.v20180605, 9.4.0.M0 – 9.4.11.v20180605 |
| org.apache.archiva:archiva | 1 | 6.5 | 2.0.0 – 2.2.3 |
| net.i2p:router | 1 | 7.8 | <0.9.46 |
| net.opentsdb:opentsdb | 1 | 9.8 | <=2.4.0 |
| org.apache.activemq:activemq-client | 1 | 7.5 | 5.0.0 – 5.15.8 |
| org.apache.activemq:activemq-core | 1 | 5.9 | <5.15.12 |
| org.apache.activemq:activemq-jaas | 1 | 7.5 | 5.15.12, 5.16.0 |
| org.apache.activemq:activemq-web-console | 1 | 6.1 | 5.0.0 – 5.15.11 |
| org.apache.activemq:artemis-server | 1 | 7.5 | <2.16.0 |
| org.apache.camel:camel-api | 1 | 7.5 | <3.2.0 |
| org.eclipse.jetty.aggregate:jetty-all | 1 | 7.5 | 9.3.20.v20170531, 9.4.6.v20170531 |
| org.apache.camel:camel-core-xml | 1 | 7.5 | <3.2.0 |
| org.apache.camel:camel-main | 1 | 7.5 | <3.2.0 |
| org.apache.camel:camel-management | 1 | 7.5 | <3.2.0 |
| org.apache.camel:camel-management-api | 1 | 7.5 | <3.2.0 |
| org.apache.camel:camel-openapi-java | 1 | 9.8 | 3.0.0 – 3.1.0, 2.22.0 – 2.25.0 |
| org.apache.camel:camel-openapi-rest-dsl-generator | 1 | 9.8 | 3.0.0 – 3.1.0, 2.22.0 – 2.25.0 |
| org.apache.camel:camel-rest-openapi | 1 | 9.8 | 3.0.0 – 3.1.0, 2.22.0 – 2.25.0 |
| io.undertow:undertow-core | 1 | 7.5 | <2.1.1.Final |
| io.pebbletemplates:pebble-project | 1 | 9.8 | 3.1.2 |
| io.netty:netty-codec-http | 1 | 5.5 | <4.1.59.Final |
| io.netty:netty-codec | 1 | 7.5 | <4.1.46.Final |
| com.alibaba.nacos:nacos-api | 1 | 5.3 | 1.1.4 |
| com.fasterxml.jackson.dataformat:jackson-dataformat-cbor | 1 | 7.5 | <2.11.4, 2.12.0-rc1 – 2.12.0 |
| com.fasterxml.jackson.dataformat:jackson-dataformats-binary | 1 | 7.5 | <2.11.4, 2.12.0-rc1 – 2.12.0 |
| com.google.guava:guava | 1 | 3.3 | <30.0.0 |
| com.google.oauth-client:google-oauth-client | 1 | 9.1 | <1.31.0 |
| com.graphhopper:graphhopper-web-bundle | 1 | 0* | <3.2, 3.3 – 4.0-pre1 |
| com.hubspot.jinjava:jinjava | 1 | 6.5 | <2.5.4 |
| com.walmartlabs.concord.server:concord-server | 1 | 7.5 | <1.44.0 |
| com.xuxueli:xxl-job | 1 | 7.5 | 2.2.0 |
| commons-beanutils:commons-beanutils | 1 | 7.3 | <=1.9.3 |
| io.jooby:jooby-project | 1 | 9.8 | <2.2.1 |
| io.micronaut:micronaut-core | 1 | 7.5 | <2.5.9 |
| org.apache.commons:commons-configuration2 | 1 | 10 | <2.7-RC1 |
| org.apache.cxf:cxf-rt-management | 1 | 5.3 | <3.2.13, 3.3.0 – 3.3.5 |
| org.apache.directory.studio:ldapbrowser.core | 1 | 7.8 | <2.0.0-M10 |
| org.apache.struts:struts2-core | 1 | 9.8 | 2.0.0 – 2.5.24 |
| org.apache.thrift:libthrift | 1 | 7.5 | <0.13.0 |
| org.apache.tika:tika | 1 | 5.5 | 1.24.0 |
| org.apache.tomcat.embed:tomcat-embed-core | 1 | 7 | 7.0.0 – 7.0.107, 8.5.0 – 8.5.61, 9.0.0-m1 – 9.0.41, 10.0.0-M1 – 10.0.0 |
| org.apache.unomi:unomi-persistence-elasticsearch-core | 1 | 9.8 | <1.5.1 |
| org.apache.unomi:unomi-plugins-base | 1 | 9.8 | <1.5.1 |
| org.apache.unomi:unomi-services | 1 | 9.8 | <1.5.1 |
| org.apache.velocity:velocity-engine-core | 1 | 8.8 | <=2.2 |
| org.apache.velocity:velocity-tools | 1 | 6.1 | <3.1 |
| org.apache.wicket:wicket | 1 | 7.5 | 7.16.0, 8.8.0, 9.0.0 |
| apache:batik | 1 | 8.2 | <=1.13 |
| org.apache.xmlgraphics:batik | 1 | 7.5 | <1.13 |
| org.apache.xmlgraphics:xmlgraphics-commons | 1 | 8.2 | 2.4.0 |
| org.codehaus.groovy:groovy | 1 | 5.5 | 2.0.0 – 2.4.20, 2.5.0 – 2.5.13, 3.0.0 – 3.0.6, 4.0.0-alpha-1 |
| org.dom4j:dom4j | 1 | 9.8 | 2.1.0 – 2.1.2, 2.0.0 – 2.0.2 |
| org.apache.syncope:syncope | 1 | 9.8 | 2.1.0 – 2.1.5 |
| org.apache.sshd:sshd-mina | 1 | 7.5 | 2.0.0 – 2.6.0 |
| org.apache.directory.studio:org.apache.directory.studio.ldapbrowser.core | 1 | 7.8 | <2.0.0.v20151221-M10 |
| org.apache.solr:solr-core | 1 | 7.5 | 5.0.0 – 8.3.1 |
| org.apache.directory.studio:org.apache.directory.studio.parent | 1 | 7.8 | <2.0.0.v20151221-M10 |
| org.apache.druid.extensions:druid-basic-security | 1 | 6.5 | <0.18.0 |
| org.apache.flink:flink-metrics-jmx | 1 | 4.7 | 1.1.0 – 1.10.0 |
| org.apache.httpcomponents:httpclient | 1 | 5.3 | <4.5.13, 5.0.0 – 5.0.2 |
| org.apache.jackrabbit:oak-run | 1 | 7.5 | 1.2.0 – 1.2.22, 1.4.0 – 1.4.25, 1.6.0 – 1.6.19, 1.8.0 – 1.8.19, 1.10.0 – 1.10.7, 1.12.0 – 1.22.0 |
| org.apache.nifi:nifi | 1 | 7.5 | 1.2.0 – 1.11.4 |
| org.apache.nifi:nifi-framework-core | 1 | 7.5 | 0.0.1-incubating – 1.11.0 |
| org.apache.nifi:nifi-parameter | 1 | 5.3 | <1.11.0-RC1 |
| org.apache.nifi:nifi-security-utils | 1 | 7.5 | 0.0.1-incubating – 1.11.0 |
| org.apache.poi:poi | 1 | 5.5 | <=4.1.0 |
| org.apache.qpid:apache-qpid-broker-j | 1 | 7.5 | 6.0.0 – 7.0.6, 7.1.0 |
| org.apache.shiro:shiro-guice | 1 | 7.5 | <1.6.0 |
| org.apache.shiro:shiro-root | 1 | 9.8 | <1.5.3 |
| org.apache.shiro:shiro-spring-boot-web-starter | 1 | 7.5 | <1.6.0 |
| org.apache.shiro:shiro-web | 1 | 7.5 | <1.6.0 |
| xmltooling_project:xmltooling | 1 | 7.5 | <3.0.4 |


JavaScript

| Affected Library ¹ | # of CVEs ² | Highest CVE Score ³ | Affected Versions ⁴ |
|---|---|---|---|
| electron | 25 | 9.8 | <9.4.2, 10.0.0 – 10.3.1, 11.0.0 – 11.2.1 |
| qualcomm | 7 | 7.8 | all versions |
| bootstrap | 6 | 6.1 | <3.4.1, 4.3.0 – 4.3.1 |
| node | 5 | 9.8 | 6.0.0 – 6.8.1, 6.9.0 – 6.13.1, 10.0.0 – 10.19.0, 12.0.0 – 12.15.0, 12.16.3 – 12.19.0, 13.0.0 – 13.8.0, 14.13.0 – 14.15.0, 15.0.0 – 15.2.0 |
| ckeditor4 | 4 | 6.7 | <4.16.0 |
| jquery | 3 | 6.1 | <3.4.0 |
| lodash | 3 | 7.4 | <4.17.21 |
| handlebars | 2 | 9.8 | <3.0.8, 4.0.0 – 4.4.4 |
| multi-ini | 2 | 9.8 | <2.1.2 |
| bootstrap-sass | 2 | 6.1 | <3.4.0 |
| thunderbird | 2 | 9.8 | <68.6 |
| kibana | 2 | 6.7 | <6.8.11, 7.0.0 – 7.8.0 |
| locutus | 2 | 9.8 | <2.0.12 |
| limesurvey:limesurvey | 2 | 5.3 | <3.17.14 |
| op-browser | 1 | 9.8 | <=1.0.6 |
| node-mpv | 1 | 9.8 | <=1.4.3 |
| node-oojs | 1 | 9.8 | <=1.4.0 |
| node-prompt-here | 1 | 9.8 | <=1.0.1 |
| node-ps | 1 | 9.8 | <=0.0.2 |
| nodemailer | 1 | 9.8 | <6.4.16 |
| npm-programmatic | 1 | 9.8 | <=0.0.12 |
| node-rules | 1 | 9.8 | 3.0.0 – 4.0.2 |
| node.js | 1 | 7.5 | <15.10.0 |
| object-hierarchy-access | 1 | 9.8 | 0.2.0 – 0.32.0 |
| nuance-gulp-build-common | 1 | 9.8 | all versions |
| node-key-sender | 1 | 9.8 | <=1.0.11 |
| nodee-utils | 1 | 9.8 | <=1.2.2 |
| mysql | 1 | 5.5 | 2.17.1 |
| node-forge | 1 | 7.3 | <0.10.0 |
| node-extend | 1 | 9.8 | <=0.2.0 |
| linux-cmdline | 1 | 9.8 | <1.0.1 |
| lix | 1 | 8.1 | <=15.8.7 |
| lodahs | 1 | 8.8 | 0.0.1 |
| lodash.template | 1 | 7.2 | all versions |
| macfromip | 1 | 9.8 | <=1.1.1 |
| madlib-object-utils | 1 | 9.8 | <0.1.7 |
| mattermost-desktop | 1 | 9.8 | <4.3.0 |
| minimist | 1 | 5.6 | <1.2.2 |
| mixin-deep | 1 | 9.8 | <1.3.2, 2.0.0 |
| mock2easy | 1 | 9.8 | all versions |
| mosc | 1 | 8.6 | <=1.0.0 |
| msgpack | 1 | 0* | all versions |
| mxgraph | 1 | 6.1 | <=4.0.0 |
| osm-static-maps | 1 | 7.6 | <=3.8.1 |
| nis-utils | 1 | 9.8 | all versions |
| openpgp | 1 | 5.9 | <=4.2.0 |
| @grpc/grpc-js | 1 | 7.5 | <=1.1.7 |
| pathval | 1 | 7.2 | <1.1.1 |
| ua-parser-js | 1 | 7.5 | <0.7.22 |
| taffy | 1 | 7.5 | <=2.6.2 |
| templ8 | 1 | 9.8 | all versions |
| theme-core | 1 | 9.8 | all versions |
| thrift | 1 | 7.5 | <=0.12.0 |
| tiny-conf | 1 | 9.8 | <=1.1.0 |
| total.js | 1 | 8.6 | <3.4.7 |
| trim | 1 | 7.5 | all versions |
| ts-process-promises | 1 | 9.8 | all versions |
| umount | 1 | 9.8 | <=1.1.6 |
| phantom-html-to-pdf | 1 | 7.5 | <=0.6.0 |
| underscore | 1 | 7.2 | 1.13-0 – 1.13.0-2, 1.3.2 – 1.12.1 |
| url-parse | 1 | 0* | <1.5.2 |
| utilitify | 1 | 8.8 | <1.0.3 |
| vega | 1 | 4.3 | <1.13.1 |
| wc-cmd | 1 | 9.8 | all versions |
| wifiscanner | 1 | 9.8 | 1.0.1 |
| worksmith | 1 | 9.8 | <=1.0.0 |
| y18n | 1 | 7.3 | <3.2.2, 4.0.0, 5.0.0 – 5.0.4 |
| systeminformation | 1 | 8.8 | <4.27.11 |
| superset | 1 | 6.5 | 0.34.0 – 0.35.1 |
| strapi | 1 | 7.2 | <3.0.0-beta.17.8 |
| spritesheet-js | 1 | 9.8 | <=1.2.6 |
| karma-mojo | 1 | 9.8 | <=1.0.1 |
| png-img | 1 | 8.8 | <3.1.0 |
| pomelo-monitor | 1 | 9.8 | <=0.3.7 |
| promisehelpers | 1 | 9.8 | <=0.0.5 |
| property-expr | 1 | 9.8 | <2.0.3 |
| prototype | 1 | 4.3 | 1.6.0.1 |
| prototypejs:prototype_javascript_framework | 1 | 7.5 | <1.6.0.2 |
| pulverizr | 1 | 9.8 | <=0.7.0 |
| querymen | 1 | 5.3 | <2.1.4 |
| react-native-webview | 1 | 6.5 | <11.0.0 |
| restify-paginate | 1 | 7.5 | 0.0.5 |
| safe-eval | 1 | 9.8 | all versions |
| safe-object2 | 1 | 9.8 | <=1.0.3 |
| safer-eval | 1 | 9.8 | all versions |
| safetydance | 1 | 7.3 | <=1.2.1 |
| sds | 1 | 5.3 | <=3.2.0 |
| socket.io-parser | 1 | 7.5 | 2.0.0 – 3.4.0 |
| php-js | 1 | 9.8 | all versions |
| json-pointer | 1 | 6 | <=0.6.0 |
| jsreport-chrome-pdf | 1 | 6.5 | <1.10.0 |
| compass-compile | 1 | 9.8 | <=0.0.1 |
| cd-messenger | 1 | 9.8 | <=2.7.26 |
| cezerin | 1 | 7.5 | 0.33.0 |
| chart.js | 1 | 7.5 | <2.9.4 |
| clamscan | 1 | 8.1 | <=1.2.0 |
| class-transforme | 1 | 5.3 | <=0.2.3 |
| closure-compiler-stream | 1 | 9.8 | <=0.1.15 |
| closure-library | 1 | 6.5 | v20200224 – v20200314 |
| codemirror | 1 | 5.3 | <=5.58.1 |
| confinit | 1 | 5.3 | <=0.3.0 |
| decompress | 1 | 9.8 | <4.2.1 |
| confucious | 1 | 9.8 | <=0.0.12 |
| connection-tester | 1 | 9.8 | <=0.2.0 |
| connie-lang | 1 | 9.8 | <0.1.1 |
| controlled-merge | 1 | 7.5 | 1.0.0 – 1.2.0 |
| corenlp-js-interface | 1 | 9.8 | <=1.0.3 |
| corenlp-js-prefab | 1 | 9.8 | all versions |
| csv-parse | 1 | 7.5 | <4.4.6 |
| dat.gui | 1 | 7.5 | all versions |
| casperjs | 1 | 9.8 | all versions |
| buns | 1 | 9.8 | all versions |
| bson-objectid | 1 | 7.5 | 1.3.0 |
| bmoor | 1 | 7.3 | <0.8.12 |
| @sailshq/lodash | 1 | 7.4 | all versions |
| @scullyio/scully | 1 | 6.1 | <1.0.9 |
| @tsed/common | 1 | 5.6 | <5.65.7 |
| JSON | 1 | 7.2 | <10.0.0 |
| access-policy | 1 | 9.8 | <=3.1.0 |
| adb-driver | 1 | 9.8 | <=0.1.8 |
| airdrop | 1 | 7.5 | <=2.0 |
| ajv | 1 | 5.6 | 6.12.2 |
| anchorme | 1 | 0* | all versions |
| angularjs | 1 | 7.5 | 1.4.0-beta.6 – 1.7.8 |
| apiconnect-cli-plugins | 1 | 9.8 | <=6.0.1 |
| arr-flatten-unflatten | 1 | 9.8 | <=1.0.2 |
| assign-deep | 1 | 7.5 | <0.4.8, 1.0.0 |
| async-git | 1 | 9.8 | <1.13.2 |
| axios | 1 | 7.5 | <=0.18.0 |
| bcrypt | 1 | 7.5 | <5.0.0 |
| bestzip | 1 | 9.8 | <2.1.7 |
| datatable | 1 | 7.3 | <1.10.22 |
| deephas | 1 | 9.8 | 1.0.0 – 1.0.5 |
| json8 | 1 | 9.8 | <1.0.3 |
| hashbrown-cms | 1 | 9.8 | <=1.3.3 |
| get-git-data | 1 | 9.8 | <=1.3.1 |
| git-add-remote | 1 | 9.8 | <=1.0.0 |
| gitlogplus | 1 | 0* | <=3.1.7 |
| grafana | 1 | 5.5 | 6.0.0 – 6.3.6 |
| grpc | 1 | 7.5 | <1.24.4 |
| gulp-scss-lint | 1 | 9.8 | <=1.0.0 |
| gulp-styledocco | 1 | 9.8 | <=0.0.3 |
| gulp-tape | 1 | 9.8 | <=1.0.0 |
| heroku-addonpool | 1 | 9.8 | <=0.1.15 |
| deeps | 1 | 9.8 | <=1.4.5 |
| html-pdf | 1 | 7.5 | 2.2.0 |
| ini | 1 | 7.3 | <=1.3.5 |
| install-package | 1 | 9.8 | <=0.4.0 |
| jQuery | 1 | 6.1 | <3.4.0 |
| jquery-ui | 1 | 6.1 | <1.12.0 |
| jscover | 1 | 9.8 | <=1.0.0 |
| @irrelon/path | 1 | 9.8 | <4.7.0 |
| json-ptr | 1 | 7.3 | all versions |
| geojson2kml | 1 | 9.8 | all versions |
| gedi | 1 | 9.8 | <=1.6.3 |
| gatsby-source-wordpress | 1 | 7.5 | <5.9.2 |
| gammautils | 1 | 9.8 | <=0.0.81 |
| diskusage-ng | 1 | 9.8 | <=0.2.4 |
| djv | 1 | 9.8 | <2.1.4 |
| djvalidator | 1 | 7.5 | <=1.1.1 |
| docker-compose-remote-api | 1 | 9.8 | <=0.1.4 |
| dojo | 1 | 7.5 | <1.12.8, 1.13.0 – 1.13.6, 1.14.0 – 1.14.5, 1.15.0 – 1.15.2, 1.16.0 – 1.16.1 |
| dompurify | 1 | 6.1 | <2.0.17 |
| dot | 1 | 5.3 | <=1.0.3 |
| dot-get-set | 1 | 9.8 | <=1.2.1 |
| dot-notes | 1 | 9.8 | <=3.2.0 |
| effect | 1 | 9.8 | <=1.0.4 |
| etherpad:etherpad | 1 | 6.1 | 1.8.13 |
| express-fileupload | 1 | 9.8 | <1.1.8 |
| express-mock-middleware | 1 | 5.3 | <=0.0.6 |
| express-validators | 1 | 5.3 | all versions |
| faye | 1 | 4.3 | 0.5.0 – 0.8.8 |
| field | 1 | 9.8 | 0.0.1 – 1.0.1 |
| fun-map | 1 | 8.1 | <=3.3.1 |
| yargs-parser | 1 | 5.3 | <13.1.2, 14.0.0 – 15.0.0, 16.0.0 – 18.1.0 |


Python

| Affected Library ¹ | # of CVEs ² | Highest CVE Score ³ | Affected Versions ⁴ |
|---|---|---|---|
| tensorflow | 33 | 7.8 | <2.1.4, 2.2.0 – 2.2.2, 2.3.0 – 2.3.2, 2.4.0 – 2.4.1 |
| tensorflow_cpu | 30 | 7.8 | <2.1.4, 2.2.0 – 2.2.2, 2.3.0 – 2.3.2, 2.4.0 – 2.4.1 |
| pillow | 5 | 9.8 | <=8.2.0 |
| salt | 3 | 9.8 | <2019.2.5, 3000.0.0 – 3000.1.7 |
| plone | 2 | 9.8 | 4.3.0 – 5.2.1 |
| apache_airflow | 2 | 8.8 | <1.10.14 |
| pyxdg | 1 | 7.5 | <0.26 |
| protobuf | 1 | 8.8 | <3.4.0 |
| pwntools | 1 | 9.8 | <4.3.1 |
| pypiserver | 1 | 6.1 | <=1.2.5 |
| python | 1 | 7.5 | <=3.8.3 |
| Flask-Cors | 1 | 7.5 | <3.0.9 |
| rdflib | 1 | 9.8 | 4.2.1 – 4.2.3 |
| ruamel.yaml | 1 | 9.8 | <0.16.7 |
| thrift | 1 | 7.5 | <0.13.0 |
| twisted | 1 | 9.8 | <=19.10.0 |
| synapse | 1 | 7.5 | <0.34.0.1 |
| nnabla | 1 | 9.8 | <=1.0.14 |
| nova | 1 | 6.5 | <17.0.11, 18.0 – 18.2.1, 19.0 – 19.0.1 |
| aioxmpp | 1 | 7.4 | <=0.10.2 |
| crmsh | 1 | 7.8 | <=4.2.1 |
| crmsh_boot | 1 | 7.8 | <=4.2.1 |
| cryptography | 1 | 9.1 | <3.3.2 |
| django | 1 | 6.5 | 1.11 – 1.11.17, 2.0 – 2.0.9, 2.1 – 2.1.4 |
| django_nopassword | 1 | 7.5 | <5.0.0 |
| fail2ban:fail2ban | 1 | 8.1 | <=0.9.7, 0.10.0 – 0.10.6, 0.11.0 – 0.11.2 |
| gateone | 1 | 9.8 | <=1.2.0 |
| gdal | 1 | 9.8 | <=3.0.1 |
| gerapy | 1 | 9.8 | <0.9.3b1 |
| ipycache | 1 | 8.8 | <2016-05-31 |
| jinja2 | 1 | 5.3 | <2.11.3 |
| lxml | 1 | 6.1 | 1.2 – 4.6.0 |
| matrix_synapse | 1 | 7.5 | <1.20.0 |
| modoboa_dmarc | 1 | 7.5 | 1.1.0 |
| nfstream | 1 | 5.5 | 5.2.0 |
| uvicorn | 1 | 7.5 | <0.11.7 |


¹ Affected Library refers to the open-source library that contains newly disclosed CVEs.

² # of CVEs refers to the number of newly disclosed CVEs over the past week.

³ Highest CVE Score refers to the highest CVSS score amongst the newly disclosed CVEs over the past week. Those omitted in dashes are yet to be determined by MITRE and NVD.

⁴ Affected Versions refers to the versions of the affected library that contain the newly disclosed CVEs.



Affected libraries may also exist in your transitive dependencies.

Scantist helps you find and fix your vulnerabilities instantly. Sign up for free and start scanning now.

We support other languages upon request. Subscribe to receive our weekly CSA alerts straight to your inbox.