Open dev-mend-for-github-com[bot] opened 11 months ago
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
Vulnerable Library - james-heinrich/getid3-v1.9.15
PHP script that extracts useful information from popular multimedia file formats
Library home page: https://api.github.com/repos/JamesHeinrich/getID3/zipball/df9b441e547da1018b1be0e239bee095c9962c96
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2014-9487
### Vulnerable Library - james-heinrich/getid3-v1.9.15PHP script that extracts useful information from popular multimedia file formats
Library home page: https://api.github.com/repos/JamesHeinrich/getID3/zipball/df9b441e547da1018b1be0e239bee095c9962c96
Dependency Hierarchy: - :x: **james-heinrich/getid3-v1.9.15** (Vulnerable Library)
Found in base branch: main
### Vulnerability DetailsThe getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053.
Publish Date: 2017-10-17
URL: CVE-2014-9487
### CVSS 3 Score Details (9.8)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2017-10-17
Fix Resolution: v1.9.8
CVE-2021-40926
### Vulnerable Library - james-heinrich/getid3-v1.9.15PHP script that extracts useful information from popular multimedia file formats
Library home page: https://api.github.com/repos/JamesHeinrich/getID3/zipball/df9b441e547da1018b1be0e239bee095c9962c96
Dependency Hierarchy: - :x: **james-heinrich/getid3-v1.9.15** (Vulnerable Library)
Found in base branch: main
### Vulnerability DetailsCross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter.
Publish Date: 2021-10-01
URL: CVE-2021-40926
### CVSS 3 Score Details (6.1)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-40926
Release Date: 2021-10-01
Fix Resolution: php-getid3 - 1.9.21+dfsg-1
CVE-2018-10665
### Vulnerable Library - james-heinrich/getid3-v1.9.15PHP script that extracts useful information from popular multimedia file formats
Library home page: https://api.github.com/repos/JamesHeinrich/getID3/zipball/df9b441e547da1018b1be0e239bee095c9962c96
Dependency Hierarchy: - :x: **james-heinrich/getid3-v1.9.15** (Vulnerable Library)
Found in base branch: main
### Vulnerability DetailsILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files.
Publish Date: 2022-10-03
URL: CVE-2018-10665
### CVSS 3 Score Details (6.1)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10665
Release Date: 2018-05-02
Fix Resolution: v5.3.5