
  • M Jamil 2 posts 71 karma points notactivated
    1 week ago
    M Jamil
    0

    OWASP scan vulnerability Detected

    Hi,

    We had a recent OWASP scan for our site, Umbraco v8.18.6, and there are a few vulnerabilities detected by the scan.

    1- Handlebars (critical)

    The following version was identified as being out of date: Version: Handlebars v 4.7.6 Detected at: https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.7.6/handlebars.min.js remote included
    Vulnerability Info:

    critical The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source - CVE-2021-23383

    critical The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source - CVE-2021-23369

    2- Axios (medium)

    The following version was identified as being out of date: Version: Axios v 0.20.0 Detected at: https://cdnjs.cloudflare.com/ajax/libs/axios/0.20.0/axios.min.js
    Vulnerability Info:

    high Axios is vulnerable to Inefficient Regular Expression Complexity CVE-2021-3749

    medium Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability CVE-2020-28168

    3- Moment.js (high)

    The following version was identified as being out of date: Version: moment.js v Detected at: 2.27.0
    Vulnerability Info:

    high This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg fr is directly used to switch moment locale. CVE-2022-24785

    high Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4 CVE-2022-31129

    I have found the moment.min.js but couldn't find the other 2 libraries?
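
The scan reports Handlebars and Axios as detected at cdnjs URLs ("remote included"), so the thing to look for in the site is a reference to those URLs in a view or script, not a library file on disk. The following is an added example, not part of the original posts and not Umbraco code: it searches text for cdnjs references and compares each version with the minimum fixed version quoted in the scan report. The function names, the file extensions scanned and the sample view are assumptions.

```javascript
// Added example. Minimum fixed versions are the ones quoted in the scan report;
// it gives none for axios, so axios references are located but not judged.
const MIN_FIXED = new Map([['handlebars.js', '4.7.7'], ['moment.js', '2.29.4']]);
// cdnjs URL layout: /ajax/libs/<library>/<version>/<file>
const CDNJS_RE = /(?:https?:)?\/\/cdnjs\.cloudflare\.com\/ajax\/libs\/([^\/\s"']+)\/(\d+(?:\.\d+)*)\/[^\s"'<>)]+/gi;

// Numeric comparison of dotted versions: negative when a is older than b.
function compareVersions(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split('.').map(Number));
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
}

// One finding per cdnjs reference; outdated is null when no minimum is known.
function findCdnReferences(text, file) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, idx) => {
    for (const [url, lib, version] of line.matchAll(CDNJS_RE)) {
      const min = MIN_FIXED.get(lib.toLowerCase());
      const outdated = min ? compareVersions(version, min) < 0 : null;
      findings.push({ file, line: idx + 1, lib, version, outdated, url });
    }
  });
  return findings;
}

// Recursively scan a site folder (views, static HTML, scripts).
async function scanSite(root, exts = ['.cshtml', '.html', '.js']) {
  const [fs, path] = await Promise.all([import('node:fs/promises'), import('node:path')]);
  const findings = [];
  for (const entry of await fs.readdir(root, { withFileTypes: true })) {
    const full = path.join(root, entry.name);
    if (entry.isDirectory()) findings.push(...(await scanSite(full, exts)));
    else if (exts.includes(path.extname(entry.name).toLowerCase()))
      findings.push(...findCdnReferences(await fs.readFile(full, 'utf8'), full));
  }
  return findings;
}

// Constructed sample view; the first two URLs are the ones in the scan report.
const SAMPLE_VIEW = [
  '<script src="https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.7.6/handlebars.min.js"></script>',
  '<script src="//cdnjs.cloudflare.com/ajax/libs/axios/0.20.0/axios.min.js"></script>',
  '<script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js"></script>',
].join('\n');
console.table(findCdnReferences(SAMPLE_VIEW, 'Views/Sample.cshtml'));
```

To run it over a real site, call `scanSite` with the web root; each finding gives the file and line where the script reference lives.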

  • Huw Reddick 829 posts 2817 karma points
    6 days ago
    Huw Reddick
    0

    Umbraco v8.18.6

    I am not aware this version exists, latest v8 is 8.18.5!
