diff --git a/labs/lab10/imports/import-grype-vuln-results.json.json b/labs/lab10/imports/import-grype-vuln-results.json.json new file mode 100644 index 00000000..e2651103 --- /dev/null +++ b/labs/lab10/imports/import-grype-vuln-results.json.json @@ -0,0 +1 @@ +{"minimum_severity":"Info","active":false,"verified":false,"endpoint_to_add":null,"product_type_name":"Engineering","product_name":"Juice Shop","engagement_name":"Labs Security Testing","auto_create_context":true,"deduplication_on_engagement":false,"lead":null,"push_to_jira":false,"api_scan_configuration":null,"create_finding_groups_for_all_findings":true,"test_id":4,"engagement_id":1,"product_id":1,"product_type_id":2,"statistics":{"after":{"info":{"active":12,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":12},"low":{"active":1,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":1},"medium":{"active":23,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":23},"high":{"active":21,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":21},"critical":{"active":8,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":8},"total":{"active":65,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":65}}},"apply_tags_to_findings":false,"apply_tags_to_endpoints":false,"scan_type":"Anchore Grype","close_old_findings":false,"close_old_findings_product_scope":false,"test":4} \ No newline at end of file diff --git a/labs/lab10/imports/import-nuclei-results.json.json b/labs/lab10/imports/import-nuclei-results.json.json new file mode 100644 index 00000000..eddf8cb1 --- /dev/null +++ b/labs/lab10/imports/import-nuclei-results.json.json 
@@ -0,0 +1 @@ +{"minimum_severity":"Info","active":false,"verified":false,"endpoint_to_add":null,"product_type_name":"Engineering","product_name":"Juice Shop","engagement_name":"Labs Security Testing","auto_create_context":true,"deduplication_on_engagement":false,"lead":null,"push_to_jira":false,"api_scan_configuration":null,"create_finding_groups_for_all_findings":true,"test_id":3,"engagement_id":1,"product_id":1,"product_type_id":2,"statistics":{"after":{"info":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"low":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"medium":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"high":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"critical":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"total":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0}}},"apply_tags_to_findings":false,"apply_tags_to_endpoints":false,"scan_type":"Nuclei Scan","close_old_findings":false,"close_old_findings_product_scope":false,"test":3} \ No newline at end of file diff --git a/labs/lab10/imports/import-semgrep-results.json.json b/labs/lab10/imports/import-semgrep-results.json.json new file mode 100644 index 00000000..52cc43d8 --- /dev/null +++ b/labs/lab10/imports/import-semgrep-results.json.json 
@@ -0,0 +1 @@ +{"minimum_severity":"Info","active":false,"verified":false,"endpoint_to_add":null,"product_type_name":"Engineering","product_name":"Juice Shop","engagement_name":"Labs Security Testing","auto_create_context":true,"deduplication_on_engagement":false,"lead":null,"push_to_jira":false,"api_scan_configuration":null,"create_finding_groups_for_all_findings":true,"test_id":1,"engagement_id":1,"product_id":1,"product_type_id":2,"statistics":{"after":{"info":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"low":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"medium":{"active":18,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":18},"high":{"active":7,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":7},"critical":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"total":{"active":25,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":25}}},"pro":["Did you know, Pro has an automated no-code connector for Semgrep JSON Report? Try today for free or email us at hello@defectdojo.com"],"apply_tags_to_findings":false,"apply_tags_to_endpoints":false,"scan_type":"Semgrep JSON Report","close_old_findings":false,"close_old_findings_product_scope":false,"test":1} \ No newline at end of file diff --git a/labs/lab10/imports/import-trivy-vuln-detailed.json.json b/labs/lab10/imports/import-trivy-vuln-detailed.json.json new file mode 100644 index 00000000..d71eb346 --- /dev/null +++ b/labs/lab10/imports/import-trivy-vuln-detailed.json.json 
@@ -0,0 +1 @@ +{"minimum_severity":"Info","active":false,"verified":false,"endpoint_to_add":null,"product_type_name":"Engineering","product_name":"Juice Shop","engagement_name":"Labs Security Testing","auto_create_context":true,"deduplication_on_engagement":false,"lead":null,"push_to_jira":false,"api_scan_configuration":null,"create_finding_groups_for_all_findings":true,"test_id":2,"engagement_id":1,"product_id":1,"product_type_id":2,"statistics":{"after":{"info":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"low":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"medium":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"high":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"critical":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"total":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0}}},"apply_tags_to_findings":false,"apply_tags_to_endpoints":false,"scan_type":"Trivy Operator Scan","close_old_findings":false,"close_old_findings_product_scope":false,"test":2} \ No newline at end of file diff --git a/labs/lab10/imports/run-imports.sh b/labs/lab10/imports/run-imports.sh index 0f0e33c9..c0b078bc 100644 --- a/labs/lab10/imports/run-imports.sh +++ b/labs/lab10/imports/run-imports.sh 
@@ -52,7 +52,12 @@ SCAN_NUCLEI="${SCAN_NUCLEI:-}" if $have_jq; then echo "Discovering importer names from /test_types/ ..." - mapfile -t types < <(curl -sS -H "Authorization: Token $DD_TOKEN" "$DD_API/test_types/?limit=2000" | jq -r '.results[].name') + # mapfile is a Bash 4+ builtin; macOS ships with Bash 3 which doesn't have it. Use a + # POSIX-friendly read loop to populate the 'types' array instead for compatibility. + types=() + while IFS= read -r t; do + types+=("$t") + done < <(curl -sS -H "Authorization: Token $DD_TOKEN" "$DD_API/test_types/?limit=2000" | jq -r '.results[].name') choose_type() { local pat="$1" local fallback="$2" diff --git a/labs/lab10/report/.DS_Store b/labs/lab10/report/.DS_Store new file mode 100644 index 00000000..85ce3478 Binary files /dev/null and b/labs/lab10/report/.DS_Store differ diff --git a/labs/lab10/report/dojo-report.pdf b/labs/lab10/report/dojo-report.pdf new file mode 100644 index 00000000..f660e70f Binary files /dev/null and b/labs/lab10/report/dojo-report.pdf differ diff --git a/labs/lab10/report/findings.csv b/labs/lab10/report/findings.csv new file mode 100644 index 00000000..19f188d3 --- /dev/null +++ b/labs/lab10/report/findings.csv 
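Review bot: The new read loop still cannot tell a failed `/test_types/` lookup from an empty list: `curl -sS` without `--fail` exits 0 on a 401/403, `jq` then presumably errors on the error body, and the exit status of a pipeline inside `< <(...)` is discarded, so `types` just ends up empty. Consider `curl -fsS` and, after `done`, `[ "${#types[@]}" -gt 0 ] || echo "WARN: no importer names returned from /test_types/" >&2`, so a bad `DD_TOKEN` or `DD_API` does not quietly steer imports to whatever fallback `choose_type` applies. The import responses committed alongside show Nuclei and Trivy both with a total of 0, the latter under scan type `Trivy Operator Scan`, which may mean importer selection is already going wrong unnoticed; the cause is not visible here. The added comment calls the loop POSIX-friendly, but arrays, `+=` and process substitution are Bash features, so `# Bash 3.2-compatible replacement for mapfile` would be accurate. The `if $have_jq` block and `choose_type` both continue outside the hunk.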
@@ -0,0 +1,91 @@ +active,component_name,component_version,created,cvssv3,cvssv3_score,cvssv4,cvssv4_score,cwe,date,defect_review_requested_by,defect_review_requested_by_id,description,duplicate,duplicate_finding,duplicate_finding_id,dynamic_finding,effort_for_fixing,epss_percentile,epss_score,false_p,file_path,finding_group,fix_available,has_finding_group,has_jira_configured,has_jira_group_issue,has_jira_issue,hash_code,id,impact,is_mitigated,kev_date,known_exploited,last_reviewed,last_reviewed_by,last_reviewed_by_id,last_status_update,line,mitigated,mitigated_by,mitigated_by_id,mitigation,nb_occurences,numerical_severity,out_of_scope,param,payload,pgh_event_models,pk,planned_remediation_date,planned_remediation_version,publish_date,ransomware_used,references,reporter,reporter_id,review_requested_by,review_requested_by_id,risk_accepted,sast_sink_object,sast_source_file_path,sast_source_line,sast_source_object,scanner_confidence,service,severity,severity_justification,sla_age,sla_age_days,sla_days_remaining,sla_deadline,sla_expiration_date,sla_start_date,sonarqube_issue,sonarqube_issue_id,static_finding,steps_to_reproduce,test,test_id,thread_id,title,under_defect_review,under_review,unique_id_from_tool,url,verified,violates_sla,vuln_id_from_tool,test,found_by,engagement_id,engagement,product_id,product,endpoints,vulnerability_ids,tags +True,jsonwebtoken,0.4.0,2025-11-12 15:45:18.731511+00:00,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,9.8,,,0,2025-11-12,,,**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Verification Bypass in jsonwebtoken NEWLINE **Related Vulnerability Description:** In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family). 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/jsonwebtoken@0.4.0,False,,,False,,0.97309,0.41149,False,/juice-shop/node_modules/jsonwebtoken/package.json,,,False,,False,,446bfdd26d4b103b1c77eac0d511bf530c5932fe3a97dd64ec2fe2b30109f371,28,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.731495+00:00,,,,,Upgrade to version: 4.2.2,1,S0,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-c7hr-j4mj-j2w6 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2015-9235 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ NEWLINE - https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687 NEWLINE - https://nodesecurity.io/advisories/17 NEWLINE - https://www.timmclean.net/2015/02/25/jwt-alg-none.html NEWLINE - https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ NEWLINE - https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687 NEWLINE - https://nodesecurity.io/advisories/17 NEWLINE - https://www.timmclean.net/2015/02/25/jwt-alg-none.html,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-19,2025-11-19,,,,True,,Anchore Grype,4,0,GHSA-c7hr-j4mj-j2w6 in jsonwebtoken:0.4.0,False,False,,,False,,GHSA-c7hr-j4mj-j2w6,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-c7hr-j4mj-j2w6; CVE-2015-9235, +True,vm2,3.9.17,2025-11-12 15:45:18.736832+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,9.8,,,0,2025-11-12,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** vm2 Sandbox Escape vulnerability NEWLINE **Related Vulnerability Description:** vm2 is an open source vm/sandbox for Node.js. 
In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. There are no patches and no known workarounds. Users are advised to find an alternative software. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/vm2@3.9.17",False,,,False,,0.96958,0.35568,False,/juice-shop/node_modules/vm2/package.json,,,False,,False,,c2a7f41be9b517290410d2bb29352182dbd157a58de3c9d90003bb5eaecf96f9,29,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.736814+00:00,,,,,,1,S0,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-g644-9gfx-q4q4 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2023-37903 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4 NEWLINE - https://security.netapp.com/advisory/ntap-20230831-0007/ NEWLINE - https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4 NEWLINE - https://security.netapp.com/advisory/ntap-20230831-0007/,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-19,2025-11-19,,,,True,,Anchore Grype,4,0,GHSA-g644-9gfx-q4q4 in vm2:3.9.17,False,False,,,False,,GHSA-g644-9gfx-q4q4,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-g644-9gfx-q4q4; CVE-2023-37903, +True,vm2,3.9.17,2025-11-12 15:45:18.683868+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,9.8,,,0,2025-11-12,,,**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** vm2 Sandbox Escape vulnerability NEWLINE **Related Vulnerability Description:** vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. 
It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/vm2@3.9.17,False,,,False,,0.98613,0.69492,False,/juice-shop/node_modules/vm2/package.json,,,False,,False,,f44df2da924687df4a5dcf933a4e7df5c0b1aad02b92274b61cb5cbb8bab3fa1,26,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.683844+00:00,,,,,Upgrade to version: 3.9.18,1,S0,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-whpj-8f3w-67p5 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2023-32314 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac NEWLINE - https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf NEWLINE - https://github.com/patriksimek/vm2/releases/tag/3.9.18 NEWLINE - https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5 NEWLINE - https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac NEWLINE - https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf NEWLINE - https://github.com/patriksimek/vm2/releases/tag/3.9.18 NEWLINE - https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-19,2025-11-19,,,,True,,Anchore Grype,4,0,GHSA-whpj-8f3w-67p5 in vm2:3.9.17,False,False,,,False,,GHSA-whpj-8f3w-67p5,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-whpj-8f3w-67p5; CVE-2023-32314, +True,marsdb,0.6.11,2025-11-12 15:45:19.016189+00:00,,,,,0,2025-11-12,,,**Vulnerability Namespace:** 
github:language:javascript NEWLINE **Vulnerability Description:** Command Injection in marsdb NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/marsdb@0.6.11,False,,,False,,,,False,/juice-shop/node_modules/marsdb/package.json,,,False,,False,,8796fc2d3932e13a71e854cdeb047fcdb4052b454be7db1661f84ead38fe0097,88,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:19.016173+00:00,,,,,,1,S0,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-5mrr-rgp6-x4gr,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-19,2025-11-19,,,,True,,Anchore Grype,4,0,GHSA-5mrr-rgp6-x4gr in marsdb:0.6.11,False,False,,,False,,GHSA-5mrr-rgp6-x4gr,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-5mrr-rgp6-x4gr, +True,lodash,2.4.2,2025-11-12 15:45:18.761794+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H,9.1,,,0,2025-11-12,,,**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Prototype Pollution in lodash NEWLINE **Related Vulnerability Description:** Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/lodash@2.4.2,False,,,False,,0.78091,0.01176,False,/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json,,,False,,False,,3b1d8d89bee38ea43fa9b863ba5448343af024aca9dbd41387eff36cf1658e3b,34,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.761775+00:00,,,,,Upgrade to version: 4.17.12,1,S0,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-jf85-cpcp-j695 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2019-10744 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://access.redhat.com/errata/RHSA-2019:3024 NEWLINE - https://security.netapp.com/advisory/ntap-20191004-0005/ NEWLINE - https://snyk.io/vuln/SNYK-JS-LODASH-450202 NEWLINE - https://support.f5.com/csp/article/K47105354?utm_source=f5support&%3Butm_medium=RSS NEWLINE - https://www.oracle.com/security-alerts/cpujan2021.html NEWLINE - https://www.oracle.com/security-alerts/cpuoct2020.html NEWLINE - https://access.redhat.com/errata/RHSA-2019:3024 NEWLINE - https://security.netapp.com/advisory/ntap-20191004-0005/ NEWLINE - https://snyk.io/vuln/SNYK-JS-LODASH-450202 NEWLINE - https://support.f5.com/csp/article/K47105354?utm_source=f5support&%3Butm_medium=RSS NEWLINE - https://www.oracle.com/security-alerts/cpujan2021.html NEWLINE - https://www.oracle.com/security-alerts/cpuoct2020.html,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-19,2025-11-19,,,,True,,Anchore Grype,4,0,GHSA-jf85-cpcp-j695 in lodash:2.4.2,False,False,,,False,,GHSA-jf85-cpcp-j695,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-jf85-cpcp-j695; CVE-2019-10744, +True,crypto-js,3.3.0,2025-11-12 15:45:18.766524+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N,9.1,,,0,2025-11-12,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 
1.3M times weaker than current standard NEWLINE **Related Vulnerability Description:** crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/crypto-js@3.3.0",False,,,False,,0.75812,0.00963,False,/juice-shop/node_modules/crypto-js/package.json,,,False,,False,,cc8a900b6a7aa0953913a16e1e3f4b8b0ee095353015c8addffe296e48d984f4,35,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.766505+00:00,,,,,Upgrade to version: 4.2.0,1,S0,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-xwcq-pm8m-c4vf NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2023-46233 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a NEWLINE - https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf NEWLINE - https://lists.debian.org/debian-lts-announce/2023/11/msg00025.html NEWLINE - https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a NEWLINE - https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf NEWLINE - https://lists.debian.org/debian-lts-announce/2023/11/msg00025.html,Admin 
User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-19,2025-11-19,,,,True,,Anchore Grype,4,0,GHSA-xwcq-pm8m-c4vf in crypto-js:3.3.0,False,False,,,False,,GHSA-xwcq-pm8m-c4vf,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-xwcq-pm8m-c4vf; CVE-2023-46233, +True,vm2,3.9.17,2025-11-12 15:45:18.741646+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,9.8,,,0,2025-11-12,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** vm2 Sandbox Escape vulnerability NEWLINE **Related Vulnerability Description:** vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/vm2@3.9.17",False,,,False,,0.88984,0.04732,False,/juice-shop/node_modules/vm2/package.json,,,False,,False,,6b89c2767f3e1463b4e4fdc1cfa645a357987377771ad170bf58f06ddfd91fbc,30,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.741631+00:00,,,,,,1,S0,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-cchq-frgv-rjh5 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2023-37466 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5 NEWLINE - https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-19,2025-11-19,,,,True,,Anchore Grype,4,0,GHSA-cchq-frgv-rjh5 in vm2:3.9.17,False,False,,,False,,GHSA-cchq-frgv-rjh5,,Anchore Grype,1,Labs Security Testing,1,Juice 
Shop,,GHSA-cchq-frgv-rjh5; CVE-2023-37466, +True,jsonwebtoken,0.1.0,2025-11-12 15:45:18.725857+00:00,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,9.8,,,0,2025-11-12,,,**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Verification Bypass in jsonwebtoken NEWLINE **Related Vulnerability Description:** In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family). NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/jsonwebtoken@0.1.0,False,,,False,,0.97309,0.41149,False,/juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json,,,False,,False,,f94a8c9e391d3ea7af36b9c6e4229d9e367b033b77ca154d8087c9e3fbfbf179,27,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.725839+00:00,,,,,Upgrade to version: 4.2.2,1,S0,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-c7hr-j4mj-j2w6 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2015-9235 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ NEWLINE - https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687 NEWLINE - https://nodesecurity.io/advisories/17 NEWLINE - https://www.timmclean.net/2015/02/25/jwt-alg-none.html NEWLINE - https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ NEWLINE - https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687 NEWLINE - https://nodesecurity.io/advisories/17 NEWLINE - https://www.timmclean.net/2015/02/25/jwt-alg-none.html,Admin User (admin),1,,,False,,,,,,,Critical,,,7,7,2025-11-19,2025-11-19,,,,True,,Anchore 
Grype,4,0,GHSA-c7hr-j4mj-j2w6 in jsonwebtoken:0.1.0,False,False,,,False,,GHSA-c7hr-j4mj-j2w6,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-c7hr-j4mj-j2w6; CVE-2015-9235, +True,,,2025-11-12 15:45:18.311919+00:00,,,,,89,2025-11-12,,,"**Result message:** Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements. NEWLINE ",False,,,False,,,,False,/src/data/static/codefixes/dbSchemaChallenge_3.ts,,,False,,False,,01082c2e3b0d087751b2b5a5de33426a8c955da41140cd6cc549631147555033,2,,False,,False,2025-11-12 15:45:18.265254+00:00,Admin User (admin),1,2025-11-12 15:45:18.311896+00:00,11,,,,,1,S1,False,,,,,,,,False,https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Semgrep JSON Report,1,0,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,False,False,,,False,,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,express-jwt,0.1.3,2025-11-12 15:45:18.865813+00:00,CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N,7.7,,,0,2025-11-12,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Authorization bypass in express-jwt NEWLINE **Related Vulnerability Description:** In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. 
You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have **algorithms** configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as the **secret**. You can fix this by specifying **algorithms** in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/express-jwt@0.1.3",False,,,False,,0.27566,0.00095,False,/juice-shop/node_modules/express-jwt/package.json,,,False,,False,,7f3fb4c083bdd0071807f8e4598997fb90839244312b3bf1a0d9b9b1d8f3b891,56,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.865795+00:00,,,,,Upgrade to version: 6.0.0,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-6g6m-m6h5-w9gf NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2020-15084 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef NEWLINE - https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf NEWLINE - https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef NEWLINE - https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,GHSA-6g6m-m6h5-w9gf in express-jwt:0.1.3,False,False,,,False,,GHSA-6g6m-m6h5-w9gf,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-6g6m-m6h5-w9gf; CVE-2020-15084, +True,tar-fs,2.1.3,2025-11-12 15:45:18.880605+00:00,,,,,0,2025-11-12,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball NEWLINE **Related Vulnerability Description:** tar-fs provides 
filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/tar-fs@2.1.3",False,,,False,,0.20898,0.00066,False,/juice-shop/node_modules/tar-fs/package.json,,,False,,False,,63114de3e5ad3029495344b7d2ed142e2ef46604b9767b35b9700cf0f13065a8,59,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.880587+00:00,,,,,Upgrade to version: 2.1.4,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-vj76-c3g6-qr5v NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2025-59343 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09 NEWLINE - https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,GHSA-vj76-c3g6-qr5v in tar-fs:2.1.3,False,False,,,False,,GHSA-vj76-c3g6-qr5v,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-vj76-c3g6-qr5v; CVE-2025-59343, +True,sanitize-html,1.4.2,2025-11-12 15:45:18.906209+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,0,2025-11-12,,,**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Sanitize-html Vulnerable To REDoS Attacks NEWLINE **Related Vulnerability Description:** The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/sanitize-html@1.4.2,False,,,False,,0.17706,0.00056,False,/juice-shop/node_modules/sanitize-html/package.json,,,False,,False,,e90ee5d49e22d940fba380eab58f54bc2a72f71ef85a214ee4f3b1fde805f262,63,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.906193+00:00,,,,,Upgrade to version: 2.7.1,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-cgfm-xwp7-2cvr NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2022-25887 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c NEWLINE - https://github.com/apostrophecms/sanitize-html/pull/557 NEWLINE - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3008102 NEWLINE - https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526 NEWLINE - https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c NEWLINE - https://github.com/apostrophecms/sanitize-html/pull/557 NEWLINE - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3008102 NEWLINE - https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,GHSA-cgfm-xwp7-2cvr in sanitize-html:1.4.2,False,False,,,False,,GHSA-cgfm-xwp7-2cvr,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-cgfm-xwp7-2cvr; CVE-2022-25887, +True,multer,1.4.5-lts.2,2025-11-12 15:45:18.964274+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,0,2025-11-12,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Multer vulnerable to Denial of Service via unhandled exception from malformed request NEWLINE **Related Vulnerability Description:** Multer is a node.js middleware for handling `multipart/form-data`. 
A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/multer@1.4.5-lts.2",False,,,False,,0.03377,0.00018,False,/juice-shop/node_modules/multer/package.json,,,False,,False,,aeeed161b43b47649735bd042aa9e630e5f28c400c888417fc0720be9c2e7a7e,76,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.964260+00:00,,,,,Upgrade to version: 2.0.2,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-fjgf-rc76-4x9p NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2025-7338 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://cna.openjsf.org/security-advisories.html NEWLINE - https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b NEWLINE - https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,GHSA-fjgf-rc76-4x9p in multer:1.4.5-lts.2,False,False,,,False,,GHSA-fjgf-rc76-4x9p,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-fjgf-rc76-4x9p; CVE-2025-7338, +True,multer,1.4.5-lts.2,2025-11-12 15:45:18.919095+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,0,2025-11-12,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Multer vulnerable to Denial of Service from maliciously crafted requests NEWLINE **Related Vulnerability Description:** Multer is a node.js middleware for handling `multipart/form-data`. 
A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/multer@1.4.5-lts.2",False,,,False,,0.10451,0.00037,False,/juice-shop/node_modules/multer/package.json,,,False,,False,,e361ef84b7e55dd3b2c90b9d8fb942526c15c129d1f901c7d3c7bc176d1f7764,66,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.919078+00:00,,,,,Upgrade to version: 2.0.0,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-4pg4-qvpc-4q3h NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2025-47944 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665 NEWLINE - https://github.com/expressjs/multer/issues/1176 NEWLINE - https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,GHSA-4pg4-qvpc-4q3h in multer:1.4.5-lts.2,False,False,,,False,,GHSA-4pg4-qvpc-4q3h,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-4pg4-qvpc-4q3h; CVE-2025-47944, +True,libc6,2.36-9+deb12u10,2025-11-12 15:45:18.982467+00:00,CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H,7.8,,,0,2025-11-12,,,**Vulnerability Namespace:** debian:distro:debian:12 NEWLINE **Vulnerability Description:** Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale 
or calls to NSS functions such as getaddrinfo). NEWLINE **Matcher:** dpkg-matcher NEWLINE **Package URL:** pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=arm64&distro=debian-12&upstream=glibc,False,,,False,,0.00955,0.00011,False,/var/lib/dpkg/status.d/libc6,,,False,,False,,896756e9b5609418a794af6ff0d230e96a44a877d620bdea454cf1d30e61e6bd,80,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.982451+00:00,,,,,Upgrade to version: 2.36-9+deb12u11,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://security-tracker.debian.org/tracker/CVE-2025-4802 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2025-4802 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://sourceware.org/bugzilla/show_bug.cgi?id=32976 NEWLINE - https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e NEWLINE - http://www.openwall.com/lists/oss-security/2025/05/16/7 NEWLINE - http://www.openwall.com/lists/oss-security/2025/05/17/2,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,CVE-2025-4802 in libc6:2.36-9+deb12u10,False,False,,,False,,CVE-2025-4802,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,CVE-2025-4802, +True,multer,1.4.5-lts.2,2025-11-12 15:45:18.914840+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,0,2025-11-12,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Multer vulnerable to Denial of Service via memory leaks from unclosed streams NEWLINE **Related Vulnerability Description:** Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. 
This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/multer@1.4.5-lts.2",False,,,False,,0.10451,0.00037,False,/juice-shop/node_modules/multer/package.json,,,False,,False,,84a56017a0139fedea9c251e5bade937c762aedd44bf54aa2ccba8a4353e44c6,65,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.914819+00:00,,,,,Upgrade to version: 2.0.0,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-44fp-w29j-9vj5 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2025-47935 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665 NEWLINE - https://github.com/expressjs/multer/pull/1120 NEWLINE - https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,GHSA-44fp-w29j-9vj5 in multer:1.4.5-lts.2,False,False,,,False,,GHSA-44fp-w29j-9vj5,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-44fp-w29j-9vj5; CVE-2025-47935, +True,braces,2.3.2,2025-11-12 15:45:18.837548+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,0,2025-11-12,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Uncontrolled resource consumption in braces NEWLINE **Related Vulnerability Description:** The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. 
In `lib/parse.js,` if a malicious user sends ""imbalanced braces"" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/braces@2.3.2",False,,,False,,0.37538,0.00159,False,/juice-shop/node_modules/braces/package.json,,,False,,False,,fee295670b576e697ddfcadd99d548c93389309dbcff631ab8a8555c55261a43,50,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.837529+00:00,,,,,Upgrade to version: 3.0.3,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-grv7-fg5c-xmjg NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2024-4068 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://devhub.checkmarx.com/cve-details/CVE-2024-4068/ NEWLINE - https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff NEWLINE - https://github.com/micromatch/braces/issues/35 NEWLINE - https://github.com/micromatch/braces/pull/37 NEWLINE - https://github.com/micromatch/braces/pull/40 NEWLINE - https://devhub.checkmarx.com/cve-details/CVE-2024-4068/ NEWLINE - https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff NEWLINE - https://github.com/micromatch/braces/issues/35 NEWLINE - https://github.com/micromatch/braces/pull/37 NEWLINE - https://github.com/micromatch/braces/pull/40,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,GHSA-grv7-fg5c-xmjg in braces:2.3.2,False,False,,,False,,GHSA-grv7-fg5c-xmjg,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-grv7-fg5c-xmjg; CVE-2024-4068, +True,multer,1.4.5-lts.2,2025-11-12 15:45:18.888309+00:00,,,,,0,2025-11-12,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability 
Description:** Multer vulnerable to Denial of Service via unhandled exception NEWLINE **Related Vulnerability Description:** Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/multer@1.4.5-lts.2",False,,,False,,0.2007,0.00063,False,/juice-shop/node_modules/multer/package.json,,,False,,False,,1e5ac0766778aa0d3a4699d7268057da55a62c2387e15f1fc058232ed67b49d9,60,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.888292+00:00,,,,,Upgrade to version: 2.0.1,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-g5hg-p3ph-g8qg NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2025-48997 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9 NEWLINE - https://github.com/expressjs/multer/issues/1233 NEWLINE - https://github.com/expressjs/multer/pull/1256 NEWLINE - https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,GHSA-g5hg-p3ph-g8qg in multer:1.4.5-lts.2,False,False,,,False,,GHSA-g5hg-p3ph-g8qg,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-g5hg-p3ph-g8qg; CVE-2025-48997, +True,moment,2.0.0,2025-11-12 15:45:18.803283+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,0,2025-11-12,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Regular Expression 
Denial of Service in moment NEWLINE **Related Vulnerability Description:** The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/moment@2.0.0",False,,,False,,0.47745,0.00243,False,/juice-shop/node_modules/express-jwt/node_modules/moment/package.json,,,False,,False,,630b663e09ac33c8e15851db186780e54d8ac1cdbb41e507e2edac1841a90ca6,43,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.803264+00:00,,,,,Upgrade to version: 2.19.3,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-446m-mv8f-q348 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2017-18214 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/moment/moment/issues/4163 NEWLINE - https://nodesecurity.io/advisories/532 NEWLINE - https://www.tenable.com/security/tns-2019-02 NEWLINE - https://github.com/moment/moment/issues/4163 NEWLINE - https://nodesecurity.io/advisories/532 NEWLINE - https://www.tenable.com/security/tns-2019-02,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,GHSA-446m-mv8f-q348 in moment:2.0.0,False,False,,,False,,GHSA-446m-mv8f-q348,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-446m-mv8f-q348; CVE-2017-18214, +True,libssl3,3.0.17-1~deb12u2,2025-11-12 15:45:18.955504+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,0,2025-11-12,,,"**Vulnerability Namespace:** debian:distro:debian:12 NEWLINE **Vulnerability Description:** Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. 
The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. NEWLINE **Related Vulnerability Description:** Issue summary: An application trying to decrypt CMS messages encrypted using NEWLINE password based encryption can trigger an out-of-bounds read and write. NEWLINE NEWLINE Impact summary: This out-of-bounds read may trigger a crash which leads to NEWLINE Denial of Service for an application. The out-of-bounds write can cause NEWLINE a memory corruption which can have various consequences including NEWLINE a Denial of Service or Execution of attacker-supplied code. NEWLINE NEWLINE Although the consequences of a successful exploit of this vulnerability NEWLINE could be severe, the probability that the attacker would be able to NEWLINE perform it is low. Besides, password based (PWRI) encryption support in CMS NEWLINE messages is very rarely used. For that reason the issue was assessed as NEWLINE Moderate severity according to our Security Policy. NEWLINE NEWLINE The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this NEWLINE issue, as the CMS implementation is outside the OpenSSL FIPS module NEWLINE boundary. 
NEWLINE **Matcher:** dpkg-matcher NEWLINE **Package URL:** pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=arm64&distro=debian-12&upstream=openssl",False,,,False,,0.04673,0.00022,False,/var/lib/dpkg/status.d/libssl3,,,False,,False,,f4cb2fddbd9d2fc604794fd241d7dbb67e76d6847c860cb3b2c0c71a8a494918,74,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.955489+00:00,,,,,Upgrade to version: 3.0.17-1~deb12u3,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://security-tracker.debian.org/tracker/CVE-2025-9230 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2025-9230 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45 NEWLINE - https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280 NEWLINE - https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def NEWLINE - https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd NEWLINE - https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482 NEWLINE - https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3 NEWLINE - https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba NEWLINE - https://openssl-library.org/news/secadv/20250930.txt,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,CVE-2025-9230 in libssl3:3.0.17-1~deb12u2,False,False,,,False,,CVE-2025-9230,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,CVE-2025-9230, +True,,,2025-11-12 15:45:18.272251+00:00,,,,,89,2025-11-12,,,"**Result message:** Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. 
In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements. NEWLINE ",False,,,False,,,,False,/src/data/static/codefixes/dbSchemaChallenge_1.ts,,,False,,False,,96a782d96c35b919a694819c27defa3d6eb3fc5847c30a720c626174c484f036,1,,False,,False,2025-11-12 15:45:18.265254+00:00,Admin User (admin),1,2025-11-12 15:45:18.272233+00:00,5,,,,,1,S1,False,,,,,,,,False,https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Semgrep JSON Report,1,0,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,False,False,,,False,,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,moment,2.0.0,2025-11-12 15:45:18.780320+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N,7.5,,,0,2025-11-12,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Path Traversal: 'dir/../../filename' in moment.locale NEWLINE **Related Vulnerability Description:** Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/moment@2.0.0",False,,,False,,0.71131,0.00694,False,/juice-shop/node_modules/express-jwt/node_modules/moment/package.json,,,False,,False,,e7f093b631db3bc800325fb2f6024d2ef72c40edf63cd9ae8af290300a55a993,38,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.780303+00:00,,,,,Upgrade to version: 2.29.2,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-8hfj-j24r-96c4 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2022-24785 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5 NEWLINE - https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4 NEWLINE - https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html NEWLINE - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/ NEWLINE - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/ NEWLINE - https://security.netapp.com/advisory/ntap-20220513-0006/ NEWLINE - https://www.tenable.com/security/tns-2022-09 NEWLINE - https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5 NEWLINE - https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4 NEWLINE - https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html NEWLINE - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/ NEWLINE - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/ NEWLINE - https://security.netapp.com/advisory/ntap-20220513-0006/ NEWLINE - https://www.tenable.com/security/tns-2022-09,Admin User 
(admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,GHSA-8hfj-j24r-96c4 in moment:2.0.0,False,False,,,False,,GHSA-8hfj-j24r-96c4,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-8hfj-j24r-96c4; CVE-2022-24785, +True,ip,2.0.1,2025-11-12 15:45:18.746956+00:00,CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H,8.1,,,0,2025-11-12,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** ip SSRF improper categorization in isPublic NEWLINE **Related Vulnerability Description:** The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/ip@2.0.1",False,,,False,,0.85935,0.02922,False,/juice-shop/node_modules/ip/package.json,,,False,,False,,e5cb954c35f339e0ca01a801f94a10426da4986a4003f83ee1f3c10d9261e959,31,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.746938+00:00,,,,,,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-2p57-rm9w-gvfp NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2024-29415 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/indutny/node-ip/issues/150 NEWLINE - https://github.com/indutny/node-ip/pull/143 NEWLINE - https://github.com/indutny/node-ip/pull/144 NEWLINE - https://github.com/indutny/node-ip/issues/150 NEWLINE - https://github.com/indutny/node-ip/pull/143 NEWLINE - https://github.com/indutny/node-ip/pull/144 NEWLINE - https://security.netapp.com/advisory/ntap-20250117-0010/,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,GHSA-2p57-rm9w-gvfp in 
ip:2.0.1,False,False,,,False,,GHSA-2p57-rm9w-gvfp,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-2p57-rm9w-gvfp; CVE-2024-29415, +True,,,2025-11-12 15:45:18.317366+00:00,,,,,89,2025-11-12,,,"**Result message:** Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements. NEWLINE ",False,,,False,,,,False,/src/data/static/codefixes/unionSqlInjectionChallenge_1.ts,,,False,,False,,ff96577206ffc5ef88468f2a16d9dec6744398620a4a59c51ecfb7d5e984a12e,3,,False,,False,2025-11-12 15:45:18.265254+00:00,Admin User (admin),1,2025-11-12 15:45:18.317348+00:00,6,,,,,1,S1,False,,,,,,,,False,https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Semgrep JSON Report,1,0,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,False,False,,,False,,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,lodash,2.4.2,2025-11-12 15:45:18.798291+00:00,CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H,7.2,,,0,2025-11-12,,,**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Command Injection in lodash NEWLINE **Related Vulnerability Description:** Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/lodash@2.4.2,False,,,False,,0.54852,0.00322,False,/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json,,,False,,False,,869a7ec9777c876bef49b8a242706d066e27f30637bcd64513a7cb9f8fe567fd,42,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.798254+00:00,,,,,Upgrade to version: 4.17.21,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-35jh-r3h4-6jhm NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2021-23337 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf NEWLINE - https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851 NEWLINE - https://security.netapp.com/advisory/ntap-20210312-0006/ NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932 NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930 NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928 NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931 NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929 NEWLINE - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 NEWLINE - https://www.oracle.com//security-alerts/cpujul2021.html NEWLINE - https://www.oracle.com/security-alerts/cpujan2022.html NEWLINE - https://www.oracle.com/security-alerts/cpujul2022.html NEWLINE - https://www.oracle.com/security-alerts/cpuoct2021.html NEWLINE - https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf NEWLINE - https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851 NEWLINE - https://security.netapp.com/advisory/ntap-20210312-0006/ NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932 NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930 NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928 NEWLINE - 
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931 NEWLINE - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929 NEWLINE - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 NEWLINE - https://www.oracle.com//security-alerts/cpujul2021.html NEWLINE - https://www.oracle.com/security-alerts/cpujan2022.html NEWLINE - https://www.oracle.com/security-alerts/cpujul2022.html NEWLINE - https://www.oracle.com/security-alerts/cpuoct2021.html,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,GHSA-35jh-r3h4-6jhm in lodash:2.4.2,False,False,,,False,,GHSA-35jh-r3h4-6jhm,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-35jh-r3h4-6jhm; CVE-2021-23337, +True,lodash,2.4.2,2025-11-12 15:45:18.817366+00:00,CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,5.6,,,0,2025-11-12,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Prototype Pollution in lodash NEWLINE **Related Vulnerability Description:** A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/lodash@2.4.2",False,,,False,,0.43286,0.00207,False,/juice-shop/node_modules/sanitize-html/node_modules/lodash/package.json,,,False,,False,,988db307fc5bb30445f19dbafd9fb489dbda51fe10ecf5f2412b07c45f0c3d96,46,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.817351+00:00,,,,,Upgrade to version: 4.17.11,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-4xc9-xhrj-v574 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2018-16487 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://hackerone.com/reports/380873 NEWLINE - https://security.netapp.com/advisory/ntap-20190919-0004/ NEWLINE - https://hackerone.com/reports/380873 NEWLINE - https://security.netapp.com/advisory/ntap-20190919-0004/,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,GHSA-4xc9-xhrj-v574 in lodash:2.4.2,False,False,,,False,,GHSA-4xc9-xhrj-v574,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-4xc9-xhrj-v574; CVE-2018-16487, +True,ws,7.4.6,2025-11-12 15:45:18.789070+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,0,2025-11-12,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** ws affected by a DoS when handling a request with many HTTP headers NEWLINE **Related Vulnerability Description:** ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. 
Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/ws@7.4.6",False,,,False,,0.66822,0.00541,False,/juice-shop/node_modules/engine.io/node_modules/ws/package.json,,,False,,False,,74033f3e158481bfea901d95193a59e2e8802a843bfa6b734b22d06ee7d95a7d,40,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.789052+00:00,,,,,Upgrade to version: 7.5.10,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-3h5v-q93c-6h6q NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2024-37890 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f NEWLINE - https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e NEWLINE - https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c NEWLINE - https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63 NEWLINE - https://github.com/websockets/ws/issues/2230 NEWLINE - https://github.com/websockets/ws/pull/2231 NEWLINE - https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q NEWLINE - https://nodejs.org/api/http.html#servermaxheaderscount NEWLINE - https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f NEWLINE - https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e NEWLINE - https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c NEWLINE - https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63 NEWLINE - https://github.com/websockets/ws/issues/2230 NEWLINE - https://github.com/websockets/ws/pull/2231 
NEWLINE - https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q NEWLINE - https://nodejs.org/api/http.html#servermaxheaderscount,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,GHSA-3h5v-q93c-6h6q in ws:7.4.6,False,False,,,False,,GHSA-3h5v-q93c-6h6q,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-3h5v-q93c-6h6q; CVE-2024-37890, +True,lodash.set,4.3.2,2025-11-12 15:45:18.756806+00:00,CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H,7.4,,,0,2025-11-12,,,**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Prototype Pollution in lodash NEWLINE **Related Vulnerability Description:** Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/lodash.set@4.3.2,False,,,False,,0.83052,0.01999,False,/juice-shop/node_modules/lodash.set/package.json,,,False,,False,,4329c773eea03faf09868de96a1232ec6a258d90a3252d5c9852bd2503e3011d,33,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.756788+00:00,,,,,,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-p6mc-m468-83gw NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2020-8203 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/lodash/lodash/issues/4874 NEWLINE - https://hackerone.com/reports/712065 NEWLINE - https://security.netapp.com/advisory/ntap-20200724-0006/ NEWLINE - https://www.oracle.com//security-alerts/cpujul2021.html NEWLINE - https://www.oracle.com/security-alerts/cpuApr2021.html NEWLINE - https://www.oracle.com/security-alerts/cpuapr2022.html NEWLINE - https://www.oracle.com/security-alerts/cpujan2022.html NEWLINE - https://www.oracle.com/security-alerts/cpuoct2021.html NEWLINE - https://github.com/lodash/lodash/issues/4874 NEWLINE - https://hackerone.com/reports/712065 NEWLINE - 
https://security.netapp.com/advisory/ntap-20200724-0006/ NEWLINE - https://www.oracle.com//security-alerts/cpujul2021.html NEWLINE - https://www.oracle.com/security-alerts/cpuApr2021.html NEWLINE - https://www.oracle.com/security-alerts/cpuapr2022.html NEWLINE - https://www.oracle.com/security-alerts/cpujan2022.html NEWLINE - https://www.oracle.com/security-alerts/cpuoct2021.html,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,GHSA-p6mc-m468-83gw in lodash.set:4.3.2,False,False,,,False,,GHSA-p6mc-m468-83gw,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-p6mc-m468-83gw; CVE-2020-8203, +True,http-cache-semantics,3.8.1,2025-11-12 15:45:18.842895+00:00,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,7.5,,,0,2025-11-12,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** http-cache-semantics vulnerable to Regular Expression Denial of Service NEWLINE **Related Vulnerability Description:** This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/http-cache-semantics@3.8.1",False,,,False,,0.37495,0.00159,False,/juice-shop/node_modules/http-cache-semantics/package.json,,,False,,False,,e662b0400bb9af0286dd74ea110d9ae3b4b1c7dfbfc06e21a1c9d03859782b21,51,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.842876+00:00,,,,,Upgrade to version: 4.1.1,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-rc47-6667-2j5j NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2022-25881 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83 NEWLINE - https://security.netapp.com/advisory/ntap-20230622-0008/ NEWLINE - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332 NEWLINE - https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783 NEWLINE - https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83 NEWLINE - https://security.netapp.com/advisory/ntap-20230622-0008/ NEWLINE - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332 NEWLINE - https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,GHSA-rc47-6667-2j5j in http-cache-semantics:3.8.1,False,False,,,False,,GHSA-rc47-6667-2j5j,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-rc47-6667-2j5j; CVE-2022-25881, +True,jsonwebtoken,0.1.0,2025-11-12 15:45:18.894645+00:00,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N,8.1,,,0,2025-11-12,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** jsonwebtoken unrestricted key type could lead to legacy keys usage NEWLINE **Related Vulnerability Description:** Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature 
verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions. NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/jsonwebtoken@0.1.0",False,,,False,,0.18525,0.00058,False,/juice-shop/node_modules/express-jwt/node_modules/jsonwebtoken/package.json,,,False,,False,,f4b13e22a9423c9079edd385f97d089591ca74e670390e8050c1269fbbf58164,61,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.894626+00:00,,,,,Upgrade to version: 9.0.0,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-8cf7-32gw-wr33 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2022-23539 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 NEWLINE - https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33 NEWLINE - https://security.netapp.com/advisory/ntap-20240621-0007/ NEWLINE - https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 NEWLINE - https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33 NEWLINE - https://security.netapp.com/advisory/ntap-20240621-0007/,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore 
Grype,4,0,GHSA-8cf7-32gw-wr33 in jsonwebtoken:0.1.0,False,False,,,False,,GHSA-8cf7-32gw-wr33,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-8cf7-32gw-wr33; CVE-2022-23539, +True,jsonwebtoken,0.4.0,2025-11-12 15:45:18.900987+00:00,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N,8.1,,,0,2025-11-12,,,"**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** jsonwebtoken unrestricted key type could lead to legacy keys usage NEWLINE **Related Vulnerability Description:** Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions. 
NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/jsonwebtoken@0.4.0",False,,,False,,0.18525,0.00058,False,/juice-shop/node_modules/jsonwebtoken/package.json,,,False,,False,,3bd54fac91d21dd767b765f463851f70d3fc5f8bf558ba67e2c406532a9d079a,62,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.900967+00:00,,,,,Upgrade to version: 9.0.0,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-8cf7-32gw-wr33 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2022-23539 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 NEWLINE - https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33 NEWLINE - https://security.netapp.com/advisory/ntap-20240621-0007/ NEWLINE - https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 NEWLINE - https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33 NEWLINE - https://security.netapp.com/advisory/ntap-20240621-0007/,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,GHSA-8cf7-32gw-wr33 in jsonwebtoken:0.4.0,False,False,,,False,,GHSA-8cf7-32gw-wr33,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-8cf7-32gw-wr33; CVE-2022-23539, +True,,,2025-11-12 15:45:18.365430+00:00,,,,,89,2025-11-12,,,"**Result message:** Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements. 
NEWLINE ",False,,,False,,,,False,/src/routes/search.ts,,,False,,False,,1bf0b263903752029aa809a978cd26d8d2a2bf32c9585422c88e70e7a3a6947a,17,,False,,False,2025-11-12 15:45:18.265254+00:00,Admin User (admin),1,2025-11-12 15:45:18.365412+00:00,23,,,,,1,S1,False,,,,,,,,False,https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Semgrep JSON Report,1,0,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,False,False,,,False,,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-12 15:45:18.368514+00:00,,,,,95,2025-11-12,,,**Result message:** Found data from an Express or Next web request flowing to `eval`. If this data is user-controllable this can lead to execution of arbitrary system commands in the context of your application process. Avoid `eval` whenever possible. 
NEWLINE ,False,,,False,,,,False,/src/routes/userProfile.ts,,,False,,False,,eb9f5c7fbc7059d112c8d40c166d5378cfdea907628e793c1172ee4e7828fb4e,18,,False,,False,2025-11-12 15:45:18.265254+00:00,Admin User (admin),1,2025-11-12 15:45:18.368497+00:00,62,,,,,1,S1,False,,,,,,,,False,https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval NEWLINE https://nodejs.org/api/child_process.html#child_processexeccommand-options-callback NEWLINE https://www.stackhawk.com/blog/nodejs-command-injection-examples-and-prevention/ NEWLINE https://ckarande.gitbooks.io/owasp-nodegoat-tutorial/content/tutorial/a1_-_server_side_js_injection.html,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Semgrep JSON Report,1,0,javascript.lang.security.audit.code-string-concat.code-string-concat,False,False,,,False,,javascript.lang.security.audit.code-string-concat.code-string-concat,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-12 15:45:18.351955+00:00,,,,,89,2025-11-12,,,"**Result message:** Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements. 
NEWLINE ",False,,,False,,,,False,/src/routes/login.ts,,,False,,False,,18cf39067c5c99611bd071fc090cc6ab2730c0b342ddb473583abbf12fa8d8d0,13,,False,,False,2025-11-12 15:45:18.265254+00:00,Admin User (admin),1,2025-11-12 15:45:18.351938+00:00,34,,,,,1,S1,False,,,,,,,,False,https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Semgrep JSON Report,1,0,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,False,False,,,False,,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-12 15:45:18.321182+00:00,,,,,89,2025-11-12,,,"**Result message:** Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements. 
NEWLINE ",False,,,False,,,,False,/src/data/static/codefixes/unionSqlInjectionChallenge_3.ts,,,False,,False,,e4cf67f59b27847f530768137bbd364d0adffc5f43d4e2faeb22d829b39d7ab7,4,,False,,False,2025-11-12 15:45:18.265254+00:00,Admin User (admin),1,2025-11-12 15:45:18.321161+00:00,10,,,,,1,S1,False,,,,,,,,False,https://sequelize.org/docs/v6/core-concepts/raw-queries/#replacements,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Semgrep JSON Report,1,0,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,False,False,,,False,,javascript.sequelize.security.audit.sequelize-injection-express.express-sequelize-injection,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,jws,0.2.6,2025-11-12 15:45:19.020371+00:00,CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N,8.7,,,0,2025-11-12,,,**Vulnerability Namespace:** github:language:javascript NEWLINE **Vulnerability Description:** Forgeable Public/Private Tokens in jws NEWLINE **Matcher:** javascript-matcher NEWLINE **Package URL:** pkg:npm/jws@0.2.6,False,,,False,,,,False,/juice-shop/node_modules/jws/package.json,,,False,,False,,65de452ff5969c58a4dbdae5d7b9d35bd7ea1e4a29b62c6e76049be787e9c04d,89,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:19.020354+00:00,,,,,Upgrade to version: 3.0.0,1,S1,False,,,,,,,,False,**Vulnerability Datasource:** https://github.com/advisories/GHSA-gjcw-v447-2w7q NEWLINE **Related Vulnerability Datasource:** nvd,Admin User (admin),1,,,False,,,,,,,High,,,30,30,2025-12-12,2025-12-12,,,,True,,Anchore Grype,4,0,GHSA-gjcw-v447-2w7q in jws:0.2.6,False,False,,,False,,GHSA-gjcw-v447-2w7q,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,GHSA-gjcw-v447-2w7q; CVE-2016-1000223, +True,libssl3,3.0.17-1~deb12u2,2025-11-12 15:45:18.959971+00:00,CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,5.9,,,0,2025-11-12,,,"**Vulnerability Namespace:** debian:distro:debian:12 NEWLINE **Vulnerability Description:** 
Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary. NEWLINE **Related Vulnerability Description:** Issue summary: An application using the OpenSSL HTTP client API functions may NEWLINE trigger an out-of-bounds read if the 'no_proxy' environment variable is set and NEWLINE the host portion of the authority component of the HTTP URL is an IPv6 address. NEWLINE NEWLINE Impact summary: An out-of-bounds read can trigger a crash which leads to NEWLINE Denial of Service for an application. NEWLINE NEWLINE The OpenSSL HTTP client API functions can be used directly by applications NEWLINE but they are also used by the OCSP client functions and CMP (Certificate NEWLINE Management Protocol) client implementation in OpenSSL. 
However the URLs used NEWLINE by these implementations are unlikely to be controlled by an attacker. NEWLINE NEWLINE In this vulnerable code the out of bounds read can only trigger a crash. NEWLINE Furthermore the vulnerability requires an attacker-controlled URL to be NEWLINE passed from an application to the OpenSSL function and the user has to have NEWLINE a 'no_proxy' environment variable set. For the aforementioned reasons the NEWLINE issue was assessed as Low severity. NEWLINE NEWLINE The vulnerable code was introduced in the following patch releases: NEWLINE 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. NEWLINE NEWLINE The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this NEWLINE issue, as the HTTP client implementation is outside the OpenSSL FIPS module NEWLINE boundary. NEWLINE **Matcher:** dpkg-matcher NEWLINE **Package URL:** pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=arm64&distro=debian-12&upstream=openssl",False,,,False,,0.06606,0.00028,False,/var/lib/dpkg/status.d/libssl3,,,False,,False,,692bf0126eed80d9db95ee1bc2c8f4a87a6f5fbd4473a25dde3be638f8b38bbe,75,,False,,False,2025-11-12 15:45:18.656009+00:00,Admin User (admin),1,2025-11-12 15:45:18.959955+00:00,,,,,Upgrade to version: 3.0.17-1~deb12u3,1,S2,False,,,,,,,,False,**Vulnerability Datasource:** https://security-tracker.debian.org/tracker/CVE-2025-9232 NEWLINE **Related Vulnerability Datasource:** https://nvd.nist.gov/vuln/detail/CVE-2025-9232 NEWLINE **Related Vulnerability URLs:** NEWLINE - https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35 NEWLINE - https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b NEWLINE - https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3 NEWLINE - https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf NEWLINE - https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0 NEWLINE - 
https://openssl-library.org/news/secadv/20250930.txt,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-10,2026-02-10,,,,True,,Anchore Grype,4,0,CVE-2025-9232 in libssl3:3.0.17-1~deb12u2,False,False,,,False,,CVE-2025-9232,,Anchore Grype,1,Labs Security Testing,1,Juice Shop,,CVE-2025-9232, +True,,,2025-11-12 15:45:18.324608+00:00,,,,,79,2025-11-12,,,"**Result message:** Detected a unquoted template variable as an attribute. If unquoted, a malicious actor could inject custom JavaScript handlers. To fix this, add quotes around the template expression, like this: ""{{ expr }}"". NEWLINE ",False,,,False,,,,False,/src/frontend/src/app/navbar/navbar.component.html,,,False,,False,,fbc2121d22e6d92272ae7ab2621272590d4c7ed87c1abb31fecf21e0dbf0ee65,5,,False,,False,2025-11-12 15:45:18.265254+00:00,Admin User (admin),1,2025-11-12 15:45:18.324592+00:00,17,,,,,1,S2,False,,,,,,,,False,https://flask.palletsprojects.com/en/1.1.x/security/#cross-site-scripting-xss,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-10,2026-02-10,,,,True,,Semgrep JSON Report,1,0,generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var,False,False,,,False,,generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-12 15:45:18.328390+00:00,,,,,79,2025-11-12,,,"**Result message:** Detected a unquoted template variable as an attribute. If unquoted, a malicious actor could inject custom JavaScript handlers. To fix this, add quotes around the template expression, like this: ""{{ expr }}"". 
NEWLINE ",False,,,False,,,,False,/src/frontend/src/app/purchase-basket/purchase-basket.component.html,,,False,,False,,25ddc4aba2ab39b0f8b123aff5efde8dbf706a0a80234006894223b6362f28d2,6,,False,,False,2025-11-12 15:45:18.265254+00:00,Admin User (admin),1,2025-11-12 15:45:18.328371+00:00,15,,,,,1,S2,False,,,,,,,,False,https://flask.palletsprojects.com/en/1.1.x/security/#cross-site-scripting-xss,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-10,2026-02-10,,,,True,,Semgrep JSON Report,1,0,generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var,False,False,,,False,,generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-12 15:45:18.332142+00:00,,,,,79,2025-11-12,,,"**Result message:** Detected a unquoted template variable as an attribute. If unquoted, a malicious actor could inject custom JavaScript handlers. To fix this, add quotes around the template expression, like this: ""{{ expr }}"". NEWLINE ",False,,,False,,,,False,/src/frontend/src/app/search-result/search-result.component.html,,,False,,False,,da4d380dafe7a95f30947b223244cb51a686574c7e816de2c6c0c88685619803,7,,False,,False,2025-11-12 15:45:18.265254+00:00,Admin User (admin),1,2025-11-12 15:45:18.332125+00:00,40,,,,,1,S2,False,,,,,,,,False,https://flask.palletsprojects.com/en/1.1.x/security/#cross-site-scripting-xss,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-10,2026-02-10,,,,True,,Semgrep JSON Report,1,0,generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var,False,False,,,False,,generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-12 15:45:18.335375+00:00,,,,,798,2025-11-12,,,"**Result message:** A hard-coded credential was detected. 
It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). NEWLINE ",False,,,False,,,,False,/src/lib/insecurity.ts,,,False,,False,,336c04ba579d98f1cbd843dec07351d03b9ed6fe11f5c2642269dd2f2b597ca2,8,,False,,False,2025-11-12 15:45:18.265254+00:00,Admin User (admin),1,2025-11-12 15:45:18.335357+00:00,56,,,,,1,S2,False,,,,,,,,False,https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-10,2026-02-10,,,,True,,Semgrep JSON Report,1,0,javascript.jsonwebtoken.security.jwt-hardcode.hardcoded-jwt-secret,False,False,,,False,,javascript.jsonwebtoken.security.jwt-hardcode.hardcoded-jwt-secret,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-12 15:45:18.338482+00:00,,,,,79,2025-11-12,,,**Result message:** User data flows into the host portion of this manually-constructed HTML. This can introduce a Cross-Site-Scripting (XSS) vulnerability if this comes from user-provided input. Consider using a sanitization library such as DOMPurify to sanitize the HTML within. 
NEWLINE ,False,,,False,,,,False,/src/routes/chatbot.ts,,,False,,False,,2da08eee2cae8d5a4c40ff22ebd6e1b771acf48bbab5635c2facc17ad30aff2e,9,,False,,False,2025-11-12 15:45:18.265254+00:00,Admin User (admin),1,2025-11-12 15:45:18.338466+00:00,197,,,,,1,S2,False,,,,,,,,False,https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-10,2026-02-10,,,,True,,Semgrep JSON Report,1,0,javascript.express.security.injection.raw-html-format.raw-html-format,False,False,,,False,,javascript.express.security.injection.raw-html-format.raw-html-format,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-12 15:45:18.341987+00:00,,,,,73,2025-11-12,,,"**Result message:** The application processes user-input, this is passed to res.sendFile which can allow an attacker to arbitrarily read files on the system through path traversal. It is recommended to perform input validation in addition to canonicalizing the path. This allows you to validate the path against the intended directory it should be accessing. 
NEWLINE ",False,,,False,,,,False,/src/routes/fileServer.ts,,,False,,False,,730127e56b626e43913d00326470199b3fe58308c46ed1f752cdcf55116f0924,10,,False,,False,2025-11-12 15:45:18.265254+00:00,Admin User (admin),1,2025-11-12 15:45:18.341969+00:00,33,,,,,1,S2,False,,,,,,,,False,https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-10,2026-02-10,,,,True,,Semgrep JSON Report,1,0,javascript.express.security.audit.express-res-sendfile.express-res-sendfile,False,False,,,False,,javascript.express.security.audit.express-res-sendfile.express-res-sendfile,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-12 15:45:18.345482+00:00,,,,,73,2025-11-12,,,"**Result message:** The application processes user-input, this is passed to res.sendFile which can allow an attacker to arbitrarily read files on the system through path traversal. It is recommended to perform input validation in addition to canonicalizing the path. This allows you to validate the path against the intended directory it should be accessing. 
NEWLINE ",False,,,False,,,,False,/src/routes/keyServer.ts,,,False,,False,,4dc4ded60b0a833d49b01c2aa3ed19e1d3d800efc8c4951d7e22c61af3182247,11,,False,,False,2025-11-12 15:45:18.265254+00:00,Admin User (admin),1,2025-11-12 15:45:18.345464+00:00,14,,,,,1,S2,False,,,,,,,,False,https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-10,2026-02-10,,,,True,,Semgrep JSON Report,1,0,javascript.express.security.audit.express-res-sendfile.express-res-sendfile,False,False,,,False,,javascript.express.security.audit.express-res-sendfile.express-res-sendfile,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-12 15:45:18.349007+00:00,,,,,73,2025-11-12,,,"**Result message:** The application processes user-input, this is passed to res.sendFile which can allow an attacker to arbitrarily read files on the system through path traversal. It is recommended to perform input validation in addition to canonicalizing the path. This allows you to validate the path against the intended directory it should be accessing. 
NEWLINE ",False,,,False,,,,False,/src/routes/logfileServer.ts,,,False,,False,,b3ca11f8dac4967975a1496a32c7d38dd9dd5a0c04f35c04c32c2c28ae9a6223,12,,False,,False,2025-11-12 15:45:18.265254+00:00,Admin User (admin),1,2025-11-12 15:45:18.348990+00:00,14,,,,,1,S2,False,,,,,,,,False,https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-10,2026-02-10,,,,True,,Semgrep JSON Report,1,0,javascript.express.security.audit.express-res-sendfile.express-res-sendfile,False,False,,,False,,javascript.express.security.audit.express-res-sendfile.express-res-sendfile,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-12 15:45:18.355731+00:00,,,,,73,2025-11-12,,,"**Result message:** The application processes user-input, this is passed to res.sendFile which can allow an attacker to arbitrarily read files on the system through path traversal. It is recommended to perform input validation in addition to canonicalizing the path. This allows you to validate the path against the intended directory it should be accessing. NEWLINE ",False,,,False,,,,False,/src/routes/quarantineServer.ts,,,False,,False,,7b377f19cbc2f96c874065754ed333f0c1da7f5c030cd6b6c2ffedf6c5f26cff,14,,False,,False,2025-11-12 15:45:18.265254+00:00,Admin User (admin),1,2025-11-12 15:45:18.355711+00:00,14,,,,,1,S2,False,,,,,,,,False,https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-10,2026-02-10,,,,True,,Semgrep JSON Report,1,0,javascript.express.security.audit.express-res-sendfile.express-res-sendfile,False,False,,,False,,javascript.express.security.audit.express-res-sendfile.express-res-sendfile,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-12 15:45:18.358967+00:00,,,,,601,2025-11-12,,,"**Result message:** It looks like 'toUrl' is read from user input and it is used to as a redirect. 
Ensure 'toUrl' is not externally controlled, otherwise this is an open redirect. NEWLINE ",False,,,False,,,,False,/src/routes/redirect.ts,,,False,,False,,6d87215e82bf602b7db608e037398fa9328dfbf4fa4634ca81ab65f9bbc56a35,15,,False,,False,2025-11-12 15:45:18.265254+00:00,Admin User (admin),1,2025-11-12 15:45:18.358949+00:00,19,,,,,1,S2,False,,,,,,,,False,https://owasp.org/Top10/A01_2021-Broken_Access_Control,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-10,2026-02-10,,,,True,,Semgrep JSON Report,1,0,javascript.express.security.audit.possible-user-input-redirect.unknown-value-in-redirect,False,False,,,False,,javascript.express.security.audit.possible-user-input-redirect.unknown-value-in-redirect,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-12 15:45:18.362134+00:00,,,,,601,2025-11-12,,,"**Result message:** The application redirects to a URL specified by user-supplied input `query` that is not validated. This could redirect users to malicious locations. Consider using an allow-list approach to validate URLs, or warn users they are being redirected to a third-party website. NEWLINE ",False,,,False,,,,False,/src/routes/redirect.ts,,,False,,False,,a07b144e5ae8c6f65c5a69b2fc91dd3a60f6bc861168ae8f5d4ce874c5e63d3a,16,,False,,False,2025-11-12 15:45:18.265254+00:00,Admin User (admin),1,2025-11-12 15:45:18.362116+00:00,19,,,,,1,S2,False,,,,,,,,False,https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html,Admin User (admin),1,,,False,,,,,,,Medium,,,90,90,2026-02-10,2026-02-10,,,,True,,Semgrep JSON Report,1,0,javascript.express.security.audit.express-open-redirect.express-open-redirect,False,False,,,False,,javascript.express.security.audit.express-open-redirect.express-open-redirect,,Semgrep JSON Report,1,Labs Security Testing,1,Juice Shop,,, +True,,,2025-11-12 15:45:18.371691+00:00,,,,,79,2025-11-12,,,"**Result message:** Cannot determine what 'subs' is and it is used with a '