Open mend-bolt-for-github[bot] opened 2 years ago
Probably the most modern and sophisticated insecure web application
Library home page: https://sourceforge.net/projects/juice-shop/
Found in HEAD commit: 15b744adda384be966bd6bcc52d9830c8bab440a
Found in base branch: master
/node_modules/libxmljs2/vendor/libxml/entities.c
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
Publish Date: 2022-11-23
URL: CVE-2022-40304
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
Type: Upgrade version
Release Date: 2022-09-09
Fix Resolution: v2.10.3
Step up your Open Source Security Game with Mend here
CVE-2022-40304 - High Severity Vulnerability
Vulnerable Library - juice-shopjuice-shop-8.3.0_node8_linux_x64
Probably the most modern and sophisticated insecure web application
Library home page: https://sourceforge.net/projects/juice-shop/
Found in HEAD commit: 15b744adda384be966bd6bcc52d9830c8bab440a
Found in base branch: master
Vulnerable Source Files (1)
/node_modules/libxmljs2/vendor/libxml/entities.c
Vulnerability Details
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
Publish Date: 2022-11-23
URL: CVE-2022-40304
CVSS 3 Score Details (7.8)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2022-09-09
Fix Resolution: v2.10.3
Step up your Open Source Security Game with Mend here