darcosion closed 2 months ago
Checkmarx One – Scan Summary & Details – db4c76be-64b6-4dd0-ac1c-ff26270a8924
Issue | Source File / Package | Severity |
---|---|---|
CVE-2024-38081 | Nuget-Microsoft.IO.Redist-6.0.0 | |
Client_DOM_Code_Injection | /CommonExtensions/Platform/Debugger/WebViews/BptDiagnosticCommon/MicrosoftAjax-4.0.0.0.debug.js: 6511 | |
Client_DOM_XSS | /CommonExtensions/Platform/Debugger/WebViews/BptDiagnosticCommon/MicrosoftAjax-4.0.0.0.debug.js: 5491 | |
Client_DOM_XSS | /CommonExtensions/Platform/Debugger/WebViews/BptDiagnosticCommon/MicrosoftAjax-4.0.0.0.debug.js: 5502 | |
Code_Injection | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/_pydevd_bundle/pydevconsole_code.py: 467 | |
Code_Injection | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydev_run_in_console.py: 106 | |
Code_Injection | /Extensions/Microsoft/Python/Core/ptvsd/__main__.py: 36 | |
Code_Injection | /Extensions/Microsoft/Python/Core/ptvsd_launcher.py: 66 | |
Code_Injection | /Extensions/Microsoft/Python/Profiling/proflaun.py: 28 | |
Code_Injection | /Extensions/Microsoft/Python/Profiling/proflaun.py: 28 | |
Code_Injection | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydev_sitecustomize/sitecustomize.py: 179 | |
Command_Injection | /Extensions/Microsoft/Python/Core/testlauncher.py: 93 | |
Command_Injection | /Extensions/Microsoft/Python/Core/ptvsd_repl_launcher.py: 44 | |
Command_Injection | /Extensions/Microsoft/Python/Core/ptvsd_repl_launcher.py: 127 | |
Command_Injection | /Extensions/Microsoft/Python/Core/ptvsd_launcher.py: 112 | |
Command_Injection | /Extensions/Microsoft/Python/Core/ptvsd/repl/jupyter_client.py: 419 | |
Command_Injection | /Extensions/Microsoft/Python/Core/ptvsd/repl/jupyter_client.py: 379 | |
Command_Injection | /Extensions/Microsoft/Python/Core/ptvsd/repl/jupyter_client.py: 233 | |
Command_Injection | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/_pydev_bundle/pydev_ipython_console_011.py: 73 | |
Command_Injection | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydev_coverage.py: 38 | |
Command_Injection | /Extensions/Microsoft/Python/Core/debugpy/launcher/handlers.py: 73 | |
Command_Injection | /Extensions/Microsoft/Python/Core/ptvsd/__main__.py: 36 | |
Command_Injection | /Extensions/Microsoft/Python/Core/ptvsd_launcher.py: 66 | |
Command_Injection | /Extensions/Microsoft/Python/Core/ptvsd/__main__.py: 36 | |
Command_Injection | /Extensions/Microsoft/Python/Core/ptvsd_launcher.py: 66 | |
Cxdca8e59f-8bfe | Npm-inflight-1.0.6 | |
Local_File_Inclusion | /Extensions/Microsoft/Python/Core/pylance/dist/scripts/scrape_module.py: 1288 | |
Local_File_Inclusion | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydev_run_in_console.py: 106 | |
Local_File_Inclusion | /Extensions/Microsoft/Python/Core/ptvsd_repl_launcher.py: 72 | |
Local_File_Inclusion | /Extensions/Microsoft/Python/Core/pylance/dist/scripts/scrape_module.py: 1288 | |
OS_Access_Violation | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/setup_pydevd_cython.py: 30 | |
OS_Access_Violation | /Extensions/Microsoft/Python/Core/debugpy/adapter/__main__.py: 227 | |
OS_Access_Violation | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/setup_pydevd_cython.py: 28 | |
OS_Access_Violation | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/setup_pydevd_cython.py: 28 | |
OS_Access_Violation | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/setup_pydevd_cython.py: 28 | |
OS_Access_Violation | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/setup_pydevd_cython.py: 30 | |
OS_Access_Violation | /Extensions/Microsoft/Python/Core/testlauncher.py: 44 | |
OS_Access_Violation | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/setup_pydevd_cython.py: 28 | |
Prototype_Pollution | /CommonExtensions/Platform/Debugger/WebViews/BptDiagnosticCommon/MicrosoftAjax-4.0.0.0.debug.js: 5491 | |
Prototype_Pollution | /CommonExtensions/Platform/Debugger/WebViews/BptDiagnosticCommon/MicrosoftAjax-4.0.0.0.debug.js: 5502 | |
Reflected_XSS | /PrivateAssemblies/plugin.vs.v2.js: 2272 | |
Resource_Injection | /Extensions/Microsoft/Python/Core/debugpy/adapter/__main__.py: 227 | |
Unsafe_Deserialization | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/_pydev_runfiles/pydev_runfiles_pytest2.py: 21 | |
Buffer_Overflow_AddressOfLocalVarReturned | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd_attach_to_process/windows/attach.cpp: 101 | |
CGI_XSS | /CommonExtensions/Platform/Guide/Content/Projects/Welcome.CSharp/Welcome.CSharp/Program.cs: 7 | |
CVE-2019-14862 | Npm-knockout-3.4.0 | |
CVE-2024-29992 | Nuget-Azure.Identity-1.10.2 | |
CVE-2024-4067 | Npm-micromatch-4.0.7 | |
Client_Potential_XSS | /CommonExtensions/Platform/DiagnosticsHub/EdgeWebViews/summaryView.html: 47 | |
Client_Potential_XSS | /CommonExtensions/Platform/DiagnosticsHub/EdgeWebViews/summaryView.html: 45 | |
Client_Potential_XSS | /CommonExtensions/Platform/DiagnosticsHub/EdgeWebViews/summaryView.html: 41 | |
Client_Potential_XSS | /CommonExtensions/Platform/Shell/ExtensionManagerWindowResources/Webviews/node_modules/dompurify/purify.js: 1187 | |
Client_Potential_XSS | /PrivateAssemblies/plugin.vs.v2.js: 2210 | |
Client_Potential_XSS | /PrivateAssemblies/plugin.vs.v2.js: 2210 | |
Client_Potential_XSS | /CommonExtensions/Microsoft/ClientDiagnostics/AppResponsiveness/View/DiagnosticsCommon/Bpt.Diagnostics.CommonMerged.js: 1295 | |
Client_Potential_XSS | /CommonExtensions/Platform/DiagnosticsHub/WebViews/Scripts/knockout-3.4.0.js: 22 | |
Client_Potential_XSS | /CommonExtensions/Platform/DiagnosticsHub/EdgeWebViews/scripts/knockout-3.4.0.js: 22 | |
Client_Potential_XSS | /CommonExtensions/Platform/Debugger/WebViews/Knockout/knockout-3.4.0.js: 22 | |
Client_Potential_XSS | /CommonExtensions/Microsoft/IceCap/WebViews/Scripts/knockout-3.4.0.js: 22 | |
Client_Potential_XSS | /CommonExtensions/Platform/Debugger/WebViews/BptDiagnosticCommon/JSTreeDynamicGridControl.js: 2672 | |
Cxb90148b9-bcbe | Npm-knockout-3.4.0 | |
Dangerous_Functions | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd_attach_to_process/windows/py_win_helpers.hpp: 9 | |
Dangerous_Functions | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd_attach_to_process/common/py_version.hpp: 66 | |
Dangerous_Functions | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd_attach_to_process/common/py_version.hpp: 54 | |
Hardcoded_Password_in_Connection_String | /Extensions/Microsoft/Python/Core/visualstudio_py_testlauncher.py: 237 | |
Hardcoded_Password_in_Connection_String | /Extensions/Microsoft/Python/Core/visualstudio_py_testlauncher.py: 237 | |
MemoryFree_on_StackVariable | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd_attach_to_process/windows/attach.cpp: 137 | |
Memory_Leak | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd_attach_to_process/windows/attach.cpp: 185 | |
Memory_Leak | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd_attach_to_process/common/py_settrace.hpp: 166 | |
Memory_Leak | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd_attach_to_process/windows/attach.cpp: 170 | |
Object_Access_Violation | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydev_run_in_console.py: 106 | |
Object_Access_Violation | /Extensions/Microsoft/Python/Core/pylance/dist/scripts/scrape_module.py: 1288 | |
Object_Access_Violation | /Extensions/Microsoft/Python/Core/pylance/dist/scripts/scrape_module.py: 1288 | |
Object_Access_Violation | /Extensions/Microsoft/Python/Core/ptvsd_repl_launcher.py: 72 | |
Path_Traversal | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd.py: 3288 | |
Path_Traversal | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydevd.py: 3288 | |
Path_Traversal | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/setup_pydevd_cython.py: 30 | |
Path_Traversal | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/setup_pydevd_cython.py: 30 | |
Path_Traversal | /Extensions/Microsoft/Python/Core/debugpy/adapter/__main__.py: 227 | |
Path_Traversal | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydev_run_in_console.py: 106 | |
Path_Traversal | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydev_coverage.py: 38 | |
Path_Traversal | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydev_coverage.py: 38 | |
Path_Traversal | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/pydev_run_in_console.py: 106 | |
Path_Traversal | /Extensions/Microsoft/Python/Core/debugpy/_vendored/pydevd/setup_pydevd_cython.py: 30 | |
Path_Traversal | /Extensions/Microsoft/Python/Core/testlauncher.py: 44 | |
Path_Traversal | /Extensions/Microsoft/Python/Core/testlauncher.py: 44 | |
Path_Traversal |
fix the bug #93