search

doc-ai / react-native-tensorio-tflite

Tensor/IO for React Native with the TF Lite backend
Other
5 stars 0 forks source link

CVE-2021-22878 (Medium) detected in multiple libraries - autoclosed #17

Closed mend-for-github-com[bot] closed 3 years ago

mend-for-github-com[bot] commented 3 years ago

CVE-2021-22878 - Medium Severity Vulnerability

Vulnerable Libraries - Flipper-Folly-2.3.0, Yoga-1.14.0, Flipper-RSocket-1.1.1, YogaKit-1.18.1

Flipper-Folly-2.3.0

Library home page: https://github.com/facebook/folly/archive/v2020.04.06.00.zip

Path to dependency file: react-native-tensorio-tflite/example/ios/Podfile.lock

Path to vulnerable library: react-native-tensorio-tflite/example/ios/Podfile.lock,react-native-tensorio-tflite/example/ios/Podfile.lock

Dependency Hierarchy: - FlipperKit-0.33.1 (Root Library) - FlipperKit/Core-0.33.1 - FlipperKit/CppBridge-0.33.1 - Flipper-0.33.1 - Flipper-RSocket-1.1.1 - :x: **Flipper-Folly-2.3.0** (Vulnerable Library)

Yoga-1.14.0

Yoga is a cross-platform layout engine enabling maximum collaboration within your team by implementing an API many designers are familiar with, and opening it up to developers across different platforms.

Library home page: https://github.com/facebook/yoga/archive/1.14.0.zip

Path to dependency file: react-native-tensorio-tflite/example/ios/Podfile.lock

Path to vulnerable library: react-native-tensorio-tflite/example/ios/Podfile.lock,react-native-tensorio-tflite/example/ios/Podfile.lock

Dependency Hierarchy: - :x: **Yoga-1.14.0** (Vulnerable Library)

Flipper-RSocket-1.1.1

Library home page: https://github.com/priteshrnandgaonkar/rsocket-cpp/archive/0.11.0.zip

Path to dependency file: react-native-tensorio-tflite/example/ios/Podfile.lock

Path to vulnerable library: react-native-tensorio-tflite/example/ios/Podfile.lock

Dependency Hierarchy: - FlipperKit-0.33.1 (Root Library) - FlipperKit/Core-0.33.1 - FlipperKit/CppBridge-0.33.1 - Flipper-0.33.1 - :x: **Flipper-RSocket-1.1.1** (Vulnerable Library)

YogaKit-1.18.1

Yoga is a cross-platform layout engine enabling maximum collaboration within your team by implementing an API many designers are familiar with, and opening it up to developers across different platforms.

Library home page: https://github.com/facebook/yoga/archive/1.18.0.zip

Path to dependency file: react-native-tensorio-tflite/example/ios/Podfile.lock

Path to vulnerable library: react-native-tensorio-tflite/example/ios/Podfile.lock

Dependency Hierarchy: - FlipperKit/FlipperKitLayoutPlugin-0.33.1 (Root Library) - :x: **YogaKit-1.18.1** (Vulnerable Library)

Found in HEAD commit: 91589085d84c9d4de09f450839b0e3caa982e0b9

Found in base branch: master

Vulnerability Details

Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`.

Publish Date: 2021-03-03

URL: CVE-2021-22878

CVSS 3 Score Details (5.3)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: High - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: Low - Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nextcloud.com/security/advisory/?id=NC-SA-2021-005

Release Date: 2021-03-03

Fix Resolution: v20.0.6

mend-for-github-com[bot] commented 3 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.