CHANGE (CodeAnalyzer): @W-15634578@ Version update and RetireJS chang…
…es for v3.24.0 release. (#1449)
rmohan20 authored and jag-j committed Apr 30, 2024
1 parent 68c50fe commit f270643
Showing 2 changed files with 67 additions and 14 deletions.
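--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@salesforce/sfdx-scanner",
 "description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
-"version": "3.23.0",
+"version": "3.24.0",
 "author": "ISV SWAT",
 "bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
 "dependencies": {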
79 changes: 66 additions & 13 deletions retire-js/RetireJsVulns.json
@@ -982,39 +982,39 @@
]
},
{
"below": "2.3.1",
"below": "2.3.0",
"severity": "medium",
"cwe": [
"CWE-79"
],
"identifiers": {
"summary": "XSS vulnerability in actionscript/Jplayer.as in the Flash SWF component",
"summary": "XSS vulnerabilities in actionscript/Jplayer.as in the Flash SWF component",
"CVE": [
"CVE-2013-2023"
"CVE-2013-2022"
],
"release": "2.3.1"
"githubID": "GHSA-3jcq-cwr7-6332"
},
"info": [
"http://jplayer.org/latest/release-notes/",
"https://nvd.nist.gov/vuln/detail/CVE-2013-2023"
"https://nvd.nist.gov/vuln/detail/CVE-2013-2022"
]
},
{
"below": "2.3.23",
"below": "2.3.1",
"severity": "medium",
"cwe": [
"CWE-79"
],
"identifiers": {
"summary": "XSS vulnerabilities in actionscript/Jplayer.as in the Flash SWF component",
"summary": "XSS vulnerability in actionscript/Jplayer.as in the Flash SWF component",
"CVE": [
"CVE-2013-2022"
"CVE-2013-2023"
],
"release": "2.3.23"
"release": "2.3.1"
},
"info": [
"http://jplayer.org/latest/release-notes/",
"https://nvd.nist.gov/vuln/detail/CVE-2013-2022"
"https://nvd.nist.gov/vuln/detail/CVE-2013-2023"
]
}
],
@@ -1615,6 +1615,54 @@
"https://tiny.cloud/docs/release-notes/release-notes5109/",
"https://tiny.cloud/docs/tinymce/6/6.7.3-release-notes/"
]
},
{
"atOrAbove": "0",
"below": "6.8.1",
"cwe": [
"CWE-79"
],
"severity": "medium",
"identifiers": {
"summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes",
"CVE": [
"CVE-2024-29203"
],
"githubID": "GHSA-438c-3975-5x3f"
},
"info": [
"https://github.com/advisories/GHSA-438c-3975-5x3f",
"https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f",
"https://nvd.nist.gov/vuln/detail/CVE-2024-29203",
"https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1",
"https://github.com/tinymce/tinymce",
"https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types",
"https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true"
]
},
{
"atOrAbove": "0",
"below": "7.0.0",
"cwe": [
"CWE-79"
],
"severity": "medium",
"identifiers": {
"summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements",
"CVE": [
"CVE-2024-29881"
],
"githubID": "GHSA-5359-pvf2-pw78"
},
"info": [
"https://github.com/advisories/GHSA-5359-pvf2-pw78",
"https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78",
"https://nvd.nist.gov/vuln/detail/CVE-2024-29881",
"https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1",
"https://github.com/tinymce/tinymce",
"https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types",
"https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true"
]
}
],
"extractors": {
@@ -5692,7 +5740,10 @@
"axios-(§§version§§)(\\.min)?\\.js"
],
"filecontent": [
"/\\* *axios v(§§version§§) "
"/\\* *axios v(§§version§§) ",
"// Axios v(§§version§§) C",
"return\"\\[Axios v(§§version§§)\\] Transitional",
"\\\"axios\\\",\\\"version\\\":\\\"(§§version§§)\\\""
]
}
},
@@ -6669,9 +6720,10 @@
{
"below": "4.17.5",
"cwe": [
"CWE-471"
"CWE-471",
"CWE-1321"
],
"severity": "low",
"severity": "medium",
"identifiers": {
"summary": "Prototype Pollution in lodash",
"CVE": [
@@ -6738,6 +6790,7 @@
{
"below": "4.17.12",
"cwe": [
"CWE-1321",
"CWE-20"
],
"severity": "high",
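Review bot: In the first hunk (the jPlayer entries at line 982), the rule for CVE-2013-2022 appears to move from `"below": "2.3.23"` to `"below": "2.3.0"`, which would stop the scanner from reporting that CVE for jPlayer 2.3.0 through 2.3.22; the page does not mark added and removed lines, so this reading rests on the order in which each pair is printed. Narrowing an affected range silently reduces findings, so the new bound should be checked against the advisory the entry now cites (`GHSA-3jcq-cwr7-6332`) before the release ships. The lodash entry at line 6720 likewise changes `"severity"` between `"low"` and `"medium"`, which shifts results for anyone filtering on a severity threshold. Both changes are worth a line in the release notes so users can explain differences between scans run with 3.23.0 and 3.24.0.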
