[Snyk] Security upgrade npm from 6.14.6 to 7.0.0 #138
Security Report
You have successfully remediated 24 vulnerabilities, but introduced 207 new vulnerabilities in this branch.
❌ New vulnerabilities:
Partial results (77 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2021-43616 Path to dependency file: /src/Merchello.Web.UI.Client/package.json Path to vulnerable library: /src/Merchello.Web.UI.Client/package.json Dependency Hierarchy: -> ❌ npm-7.0.0.tgz (Vulnerable Library) | Critical | 9.8 | npm-7.0.0.tgz | Upgrade to version: npm - 8.1.4 | None |
CVE-2021-32840 Path to vulnerable library: /test/Merchello.Tests.UnitTests/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/src/Merchello.Core/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/test/Merchello.Tests.IntegrationTests/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/src/Merchello.Providers/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/src/Merchello.Web/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/src/Merchello.Web.Store/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/src/Merchello.Examine/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/src/Merchello.FastTrack.Ui/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/test/Merchello.Tests.PaymentProviders/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/src/Merchello.FastTrack/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/test/Merchello.Tests.Base/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/test/Merchello.Tests.PaymentProviders/Braintree/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg Dependency Hierarchy: -> ❌ sharpziplib.0.86.0.nupkg (Vulnerable Library) | Critical | 9.8 | sharpziplib.0.86.0.nupkg | Upgrade to version: SharpZipLib - 1.3.3 | None |
CVE-2021-32840 Path to dependency file: /src/Merchello.Providers/Merchello.Providers.csproj Path to vulnerable library: /src/Merchello.Providers/Merchello.Providers.csproj,/src/Merchello.FastTrack/Merchello.FastTrack.csproj,/src/Merchello.FastTrack.Ui/Merchello.FastTrack.Ui.csproj,/test/Merchello.Tests.UnitTests/Merchello.Tests.UnitTests.csproj,/src/Merchello.Web.Store/Merchello.Web.Store.csproj,/src/Merchello.Web/Merchello.Web.csproj,/test/Merchello.Tests.PaymentProviders/Merchello.Tests.PaymentProviders.csproj,/test/Merchello.Tests.Base/Merchello.Tests.Base.csproj,/src/Merchello.Core/Merchello.Core.csproj,/src/Merchello.Examine/Merchello.Examine.csproj,/test/Merchello.Tests.IntegrationTests/Merchello.Tests.IntegrationTests.csproj Dependency Hierarchy: -> ❌ sharpziplib.0.86.0.nupkg (Vulnerable Library) | Critical | 9.8 | sharpziplib.0.86.0.nupkg | Upgrade to version: SharpZipLib - 1.3.3 | None |
CVE-2020-7746 Path to vulnerable library: /lib/charts/Chart.js Dependency Hierarchy: -> ❌ Chart-1.0.2.js (Vulnerable Library) | Critical | 9.8 | Chart-1.0.2.js | Upgrade to version: chart.js - 2.9.4 | None |
CVE-2018-1285 Path to vulnerable library: /src/Merchello.FastTrack/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/test/Merchello.Tests.PaymentProviders/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/src/Merchello.FastTrack.Ui/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/src/Merchello.Providers/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/test/Merchello.Tests.Base/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/src/Merchello.Core/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/test/Merchello.Tests.IntegrationTests/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/test/Merchello.Tests.UnitTests/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/src/Merchello.Examine/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/src/Merchello.Web.Store/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/src/Merchello.Web/packages/log4net.2.0.8/lib/net35-client/log4net.dll Dependency Hierarchy: -> ❌ log4net-2.0.8.0.dll (Vulnerable Library) | Critical | 9.8 | log4net-2.0.8.0.dll | Upgrade to version: log4net - 2.0.10 | None |
CVE-2018-1285 Path to vulnerable library: /test/Merchello.Tests.UnitTests/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/test/Merchello.Tests.Base/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/src/Merchello.FastTrack/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/test/Merchello.Tests.PaymentProviders/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/test/Merchello.Tests.IntegrationTests/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/src/Merchello.Web/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/src/Merchello.Web.Store/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/src/Merchello.Providers/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/src/Merchello.Core/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/src/Merchello.FastTrack.Ui/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/src/Merchello.Examine/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll Dependency Hierarchy: -> ❌ log4net-2.0.8.0.dll (Vulnerable Library) | Critical | 9.8 | log4net-2.0.8.0.dll | Upgrade to version: log4net - 2.0.10 | None |
CVE-2018-1285 Path to vulnerable library: /test/Merchello.Tests.Base/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/test/Merchello.Tests.PaymentProviders/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/src/Merchello.Web/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/src/Merchello.Providers/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/src/Merchello.Examine/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/test/Merchello.Tests.UnitTests/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/test/Merchello.Tests.IntegrationTests/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/src/Merchello.FastTrack.Ui/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/src/Merchello.Web.Store/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/src/Merchello.Core/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/src/Merchello.FastTrack/packages/log4net.2.0.8/lib/net40-full/log4net.dll Dependency Hierarchy: -> ❌ log4net-2.0.8.0.dll (Vulnerable Library) | Critical | 9.8 | log4net-2.0.8.0.dll | Upgrade to version: log4net - 2.0.10 | None |
CVE-2018-1285 Path to vulnerable library: /src/Merchello.FastTrack.Ui/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/test/Merchello.Tests.Base/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/src/Merchello.Providers/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/src/Merchello.Web.Store/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/test/Merchello.Tests.IntegrationTests/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/src/Merchello.Examine/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/src/Merchello.Web/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/src/Merchello.Core/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/src/Merchello.FastTrack/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/test/Merchello.Tests.UnitTests/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/test/Merchello.Tests.PaymentProviders/packages/log4net.2.0.8/lib/net40-client/log4net.dll Dependency Hierarchy: -> ❌ log4net-2.0.8.0.dll (Vulnerable Library) | Critical | 9.8 | log4net-2.0.8.0.dll | Upgrade to version: log4net - 2.0.10 | None |
CVE-2018-1285 Path to dependency file: /test/Merchello.Tests.Base/Merchello.Tests.Base.csproj Path to vulnerable library: /home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/src/Merchello.FastTrack/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/src/Merchello.Core/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/src/Merchello.Examine/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/test/Merchello.Tests.IntegrationTests/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/test/Merchello.Tests.UnitTests/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/src/Merchello.Providers/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/src/Merchello.Web/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/test/Merchello.Tests.PaymentProviders/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/test/Merchello.Tests.Base/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/src/Merchello.FastTrack.Ui/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/src/Merchello.Web.Store/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg Dependency Hierarchy: -> ❌ log4net.2.0.8.nupkg (Vulnerable Library) | Critical | 9.8 | log4net.2.0.8.nupkg | Upgrade to version: log4net - 2.0.10 | None |
Critical | 9.8 | umbracocms.core.7.15.0.nupkg | Upgrade to version: log4net - 2.0.10 | None | |
CVE-2018-1285 Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/src/Merchello.Web.Store/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/src/Merchello.FastTrack/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/src/Merchello.Providers/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/src/Merchello.Examine/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/src/Merchello.Core/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/src/Merchello.FastTrack.Ui/bin/log4net.dll,/src/Merchello.Providers/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/src/Merchello.FastTrack/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/test/Merchello.Tests.IntegrationTests/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/src/Merchello.Examine/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/test/Merchello.Tests.UnitTests/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/src/Merchello.Core/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/src/Merchello.Web/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/src/Merchello.Web.Store/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/test/Merchello.Tests.UnitTests/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/test/Merchello.Tests.IntegrationTests/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/test/Merchello.Tests.PaymentProviders/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/src/Merchello.FastTrack.Ui/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/src/Merchello.FastTrack.Ui/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/src/Merchello.Web/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/test/Merchello.Tests.Base/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/test/Merchello.Tests.Base/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll Dependency Hierarchy: -> ❌ log4net-2.0.8.0.dll (Vulnerable Library) | Critical | 9.8 | log4net-2.0.8.0.dll | Upgrade to version: log4net - 2.0.10 | None |
CVE-2018-1285 Path to vulnerable library: /test/Merchello.Tests.UnitTests/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/test/Merchello.Tests.IntegrationTests/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/src/Merchello.Web.Store/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/src/Merchello.FastTrack/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/src/Merchello.Core/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/test/Merchello.Tests.PaymentProviders/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/test/Merchello.Tests.Base/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/src/Merchello.Web/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/src/Merchello.Examine/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/src/Merchello.Providers/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/src/Merchello.FastTrack.Ui/packages/log4net.2.0.8/lib/net35-full/log4net.dll Dependency Hierarchy: -> ❌ log4net-2.0.8.0.dll (Vulnerable Library) | Critical | 9.8 | log4net-2.0.8.0.dll | Upgrade to version: log4net - 2.0.10 | None |
CVE-2020-9471 Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/UmbracoCms.Core.7.2.4/UmbracoCms.Core.7.2.4.nupkg Dependency Hierarchy: -> ❌ umbracocms.core.7.2.4.nupkg (Vulnerable Library) | High | 8.8 | umbracocms.core.7.2.4.nupkg | Upgrade to version: UmbracoCms.Core - 7.2.5-RC,7.6.0-RC,7.3.0-RC,8.5.4,7.2.0-RC,6.0.0-RC,6.2.0-RC,7.1.0-RC,6.2.0.1-RC,7.0.0-RC | None |
High | 8.8 | umbracocms.core.7.15.0.nupkg | Upgrade to version: UmbracoCms.Core - 7.2.5-RC,7.6.0-RC,7.3.0-RC,8.5.4,7.2.0-RC,6.0.0-RC,6.2.0-RC,7.1.0-RC,6.2.0.1-RC,7.0.0-RC | None | |
CVE-2015-8814 Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/UmbracoCms.Core.7.2.4/UmbracoCms.Core.7.2.4.nupkg Dependency Hierarchy: -> ❌ umbracocms.core.7.2.4.nupkg (Vulnerable Library) | High | 8.8 | umbracocms.core.7.2.4.nupkg | Upgrade to version: 7.6-alpha071 | None |
CVE-2015-8813 Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/UmbracoCms.Core.7.2.4/UmbracoCms.Core.7.2.4.nupkg Dependency Hierarchy: -> ❌ umbracocms.core.7.2.4.nupkg (Vulnerable Library) | High | 8.2 | umbracocms.core.7.2.4.nupkg | Upgrade to version: 7.4.0 | None |
CVE-2023-33170 Dependency Hierarchy: -> ❌ microsoft.aspnet.identity.owin.2.2.2.nupkg (Vulnerable Library) | High | 8.1 | microsoft.aspnet.identity.owin.2.2.2.nupkg | Upgrade to version: Microsoft.AspNet.Identity.Owin - 2.2.4;Microsoft.AspNetCore.App.Runtime - 6.0.20,7.0.9;Microsoft.AspNetCore.Identity - 2.1.39 | None |
CVE-2023-33170 Path to vulnerable library: /test/Merchello.Tests.Base/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/src/Merchello.Core/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/src/Merchello.FastTrack/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/test/Merchello.Tests.PaymentProviders/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/src/Merchello.Web/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/src/Merchello.Web.Store/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/test/Merchello.Tests.IntegrationTests/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/src/Merchello.FastTrack.Ui/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/src/Merchello.Providers/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/src/Merchello.FastTrack.Ui/bin/Microsoft.AspNet.Identity.Owin.dll,/test/Merchello.Tests.UnitTests/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/src/Merchello.Examine/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll Dependency Hierarchy: -> ❌ Microsoft.AspNet.Identity.Owin-2.2.2.70424.0.dll (Vulnerable Library) | High | 8.1 | Microsoft.AspNet.Identity.Owin-2.2.2.70424.0.dll | Upgrade to version: Microsoft.AspNet.Identity.Owin - 2.2.4;Microsoft.AspNetCore.App.Runtime - 6.0.20,7.0.9;Microsoft.AspNetCore.Identity - 2.1.39 | None |
High | 7.6 | umbracocms.7.15.0.nupkg | Upgrade to version: 4.9.7,5.1.4 | None | |
WS-2020-0008 Path to vulnerable library: /src/Merchello.FastTrack.Ui/App_Data/NuGetBackup/20160823-095311/Umbraco/lib/tinymce/tinymce.min.js Dependency Hierarchy: -> ❌ tinymce-4.1.10.min.js (Vulnerable Library) | High | 7.6 | tinymce-4.1.10.min.js | Upgrade to version: 4.9.7,5.1.4 | None |
WS-2020-0008 Path to vulnerable library: /src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/tinymce/tinymce.min.js,/src/Merchello.FastTrack.Ui/Umbraco/lib/tinymce/tinymce.min.js Dependency Hierarchy: -> ❌ tinymce-4.9.5.min.js (Vulnerable Library) | High | 7.6 | tinymce-4.9.5.min.js | Upgrade to version: 4.9.7,5.1.4 | None |
High | 7.5 | umbracocms.7.15.0.nupkg | Upgrade to version: tinymce - 5.6.0 | None | |
WS-2021-0001 Path to vulnerable library: /src/Merchello.FastTrack.Ui/App_Data/NuGetBackup/20160823-095311/Umbraco/lib/tinymce/tinymce.min.js Dependency Hierarchy: -> ❌ tinymce-4.1.10.min.js (Vulnerable Library) | High | 7.5 | tinymce-4.1.10.min.js | Upgrade to version: tinymce - 5.6.0 | None |
WS-2021-0001 Path to vulnerable library: /src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/tinymce/tinymce.min.js,/src/Merchello.FastTrack.Ui/Umbraco/lib/tinymce/tinymce.min.js Dependency Hierarchy: -> ❌ tinymce-4.9.5.min.js (Vulnerable Library) | High | 7.5 | tinymce-4.9.5.min.js | Upgrade to version: tinymce - 5.6.0 | None |
CVE-2024-21907 Path to vulnerable library: /src/Merchello.FastTrack/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/src/Merchello.Web.Store/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/src/Merchello.FastTrack.Ui/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/src/Merchello.Web/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/test/Merchello.Tests.PaymentProviders/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/src/Merchello.Providers/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/test/Merchello.Tests.UnitTests/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/test/Merchello.Tests.IntegrationTests/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/src/Merchello.Examine/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/test/Merchello.Tests.Base/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/src/Merchello.Core/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-12.0.2.23222.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-12.0.2.23222.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | None |
CVE-2024-21907 Path to vulnerable library: /src/Merchello.FastTrack/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/src/Merchello.Core/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/test/Merchello.Tests.UnitTests/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/src/Merchello.Web/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/src/Merchello.Providers/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/test/Merchello.Tests.PaymentProviders/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/test/Merchello.Tests.IntegrationTests/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/src/Merchello.Web.Store/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/src/Merchello.Examine/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/test/Merchello.Tests.Base/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/src/Merchello.FastTrack.Ui/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-12.0.2.23222.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-12.0.2.23222.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | None |
CVE-2024-21907 Path to vulnerable library: /src/Merchello.Web/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/src/Merchello.Providers/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/src/Merchello.FastTrack.Ui/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/src/Merchello.FastTrack/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/src/Merchello.Web.Store/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/test/Merchello.Tests.UnitTests/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/test/Merchello.Tests.PaymentProviders/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/src/Merchello.Examine/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/src/Merchello.Core/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/test/Merchello.Tests.Base/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/test/Merchello.Tests.IntegrationTests/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-12.0.2.23222.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-12.0.2.23222.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | None |
CVE-2024-21907 Path to vulnerable library: /src/Merchello.FastTrack.Ui/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/test/Merchello.Tests.IntegrationTests/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.Examine/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.Core/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.Web.Store/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/test/Merchello.Tests.Base/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/test/Merchello.Tests.UnitTests/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.Providers/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.Web/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/test/Merchello.Tests.PaymentProviders/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.FastTrack/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-12.0.2.23222.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-12.0.2.23222.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | None |
CVE-2024-21907 Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/Newtonsoft.Json.6.0.5/lib/net20/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-6.0.5.17707.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-6.0.5.17707.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | None |
CVE-2024-21907 Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/Newtonsoft.Json.6.0.5/lib/portable-net40+sl5+wp80+win8+wpa81/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-6.0.5.17707.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-6.0.5.17707.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | None |
CVE-2024-21907 Path to vulnerable library: /src/Merchello.FastTrack.Ui/bin/Newtonsoft.Json.dll,/test/Merchello.Tests.Base/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/src/Merchello.Web/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/src/Merchello.Web.Store/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/test/Merchello.Tests.IntegrationTests/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/test/Merchello.Tests.UnitTests/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/src/Merchello.Core/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/src/Merchello.FastTrack/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/src/Merchello.Providers/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/test/Merchello.Tests.PaymentProviders/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/src/Merchello.FastTrack.Ui/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/src/Merchello.Examine/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-12.0.2.23222.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-12.0.2.23222.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | None |
CVE-2024-21907 Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/Newtonsoft.Json.6.0.5/Newtonsoft.Json.6.0.5.nupkg Dependency Hierarchy: -> ❌ newtonsoft.json.6.0.5.nupkg (Vulnerable Library) | High | 7.5 | newtonsoft.json.6.0.5.nupkg | Upgrade to version: Newtonsoft.Json - 13.0.1 | None |
CVE-2024-21907 Path to vulnerable library: /test/Merchello.Tests.Base/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/test/Merchello.Tests.PaymentProviders/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.FastTrack/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.Web/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.FastTrack.Ui/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/test/Merchello.Tests.UnitTests/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/test/Merchello.Tests.IntegrationTests/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.Core/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.Providers/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.Examine/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.Web.Store/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-12.0.2.23222.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-12.0.2.23222.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | None |
High | 7.5 | newtonsoft.json.12.0.2.nupkg | Upgrade to version: Newtonsoft.Json - 13.0.1 | None | |
CVE-2024-21907 Path to vulnerable library: /src/Merchello.Web/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/src/Merchello.FastTrack.Ui/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/test/Merchello.Tests.UnitTests/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/src/Merchello.Providers/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/test/Merchello.Tests.PaymentProviders/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/src/Merchello.Web.Store/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/src/Merchello.FastTrack/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/test/Merchello.Tests.IntegrationTests/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/test/Merchello.Tests.Base/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/src/Merchello.Examine/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/src/Merchello.Core/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-12.0.2.23222.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-12.0.2.23222.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | None |
CVE-2024-21907 Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/Newtonsoft.Json.6.0.5/lib/netcore45/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-6.0.5.17707.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-6.0.5.17707.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | None |
CVE-2024-21907 Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/Newtonsoft.Json.6.0.5/lib/portable-net45+wp80+win8+wpa81/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-6.0.5.17707.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-6.0.5.17707.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | None |
CVE-2024-21907 Path to vulnerable library: /src/Merchello.Examine/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/src/Merchello.FastTrack.Ui/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/src/Merchello.Web/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/src/Merchello.Core/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/test/Merchello.Tests.IntegrationTests/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/src/Merchello.Web.Store/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/test/Merchello.Tests.PaymentProviders/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/test/Merchello.Tests.Base/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/src/Merchello.Providers/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/test/Merchello.Tests.UnitTests/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/src/Merchello.FastTrack/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-12.0.2.23222.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-12.0.2.23222.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | None |
CVE-2024-21907 Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/Newtonsoft.Json.6.0.5/lib/net40/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-6.0.5.17707.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-6.0.5.17707.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | None |
CVE-2024-21907 Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/Newtonsoft.Json.6.0.5/lib/net45/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-6.0.5.17707.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-6.0.5.17707.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | None |
CVE-2024-21907 Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/Newtonsoft.Json.6.0.5/lib/net35/Newtonsoft.Json.dll Dependency Hierarchy: -> ❌ Newtonsoft.Json-6.0.5.17707.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-6.0.5.17707.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | None |
CVE-2022-31147 Path to vulnerable library: /src/Merchello.FastTrack.Ui/Scripts/jquery.validate-vsdoc.js Dependency Hierarchy: -> ❌ jquery.validate-1.8.0.js (Vulnerable Library) | High | 7.5 | jquery.validate-1.8.0.js | Upgrade to version: jquery-validation - 1.19.5 | None |
High | 7.5 | umbracocms.7.15.0.nupkg | Upgrade to version: moment - 2.29.4 | None | |
CVE-2022-31129 Path to vulnerable library: /src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/moment/moment.min.js,/src/Merchello.FastTrack.Ui/Umbraco/lib/moment/moment.min.js Dependency Hierarchy: -> ❌ moment-2.10.6.min.js (Vulnerable Library) | High | 7.5 | moment-2.10.6.min.js | Upgrade to version: moment - 2.29.4 | None |
CVE-2022-29244 Path to dependency file: /src/Merchello.Web.UI.Client/package.json Path to vulnerable library: /src/Merchello.Web.UI.Client/package.json Dependency Hierarchy: -> ❌ npm-7.0.0.tgz (Vulnerable Library) | High | 7.5 | npm-7.0.0.tgz | Upgrade to version: npm - 8.11.0 | None |
CVE-2022-29117 Dependency Hierarchy: -> ❌ microsoft.owin.security.cookies.4.0.1.nupkg (Vulnerable Library) | High | 7.5 | microsoft.owin.security.cookies.4.0.1.nupkg | Upgrade to version: Microsoft.AspNetCore.App.Runtime - 3.1.25,5.0.17,6.0.5;Microsoft.Owin - 4.2.2;Microsoft.Owin.Security.Cookies - 4.2.2 | None |
High | 7.5 | microsoft.owin.4.0.1.nupkg | Upgrade to version: Microsoft.AspNetCore.App.Runtime - 3.1.25,5.0.17,6.0.5;Microsoft.Owin - 4.2.2;Microsoft.Owin.Security.Cookies - 4.2.2 | None | |
High | 7.5 | umbracocms.7.15.0.nupkg | Upgrade to version: moment - 2.29.2 | None | |
CVE-2022-24785 Path to vulnerable library: /src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/moment/moment.min.js,/src/Merchello.FastTrack.Ui/Umbraco/lib/moment/moment.min.js Dependency Hierarchy: -> ❌ moment-2.10.6.min.js (Vulnerable Library) |
High | 7.5 | moment-2.10.6.min.js | Upgrade to version: moment - 2.29.2 | None |
CVE-2022-22690 Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/UmbracoCms.Core.7.2.4/UmbracoCms.Core.7.2.4.nupkg Dependency Hierarchy: -> ❌ umbracocms.core.7.2.4.nupkg (Vulnerable Library) |
High | 7.5 | umbracocms.core.7.2.4.nupkg | Upgrade to version: Umbraco.Cms.Core - 9.2.0 | None |
High | 7.5 | umbracocms.core.7.15.0.nupkg | Upgrade to version: Umbraco.Cms.Core - 9.2.0 | None | |
CVE-2021-21252 Path to vulnerable library: /src/Merchello.FastTrack.Ui/Scripts/jquery.validate-vsdoc.js Dependency Hierarchy: -> ❌ jquery.validate-1.8.0.js (Vulnerable Library) |
High | 7.5 | jquery.validate-1.8.0.js | Upgrade to version: jquery-validation - 1.19.3 | None |
High | 7.5 | umbracocms.7.15.0.nupkg | Upgrade to version: codemirror - 5.58.2 | None | |
High | 7.5 | umbracocms.7.15.0.nupkg | Upgrade to version: moment - 2.19.3 | None | |
CVE-2017-18214 Path to vulnerable library: /src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/moment/moment.min.js,/src/Merchello.FastTrack.Ui/Umbraco/lib/moment/moment.min.js Dependency Hierarchy: -> ❌ moment-2.10.6.min.js (Vulnerable Library) |
High | 7.5 | moment-2.10.6.min.js | Upgrade to version: moment - 2.19.3 | None |
CVE-2022-22691 Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/UmbracoCms.Core.7.2.4/UmbracoCms.Core.7.2.4.nupkg Dependency Hierarchy: -> ❌ umbracocms.core.7.2.4.nupkg (Vulnerable Library) |
High | 7.4 | umbracocms.core.7.2.4.nupkg | Upgrade to version: Umbraco.Cms.Core - 9.2.0 | None |
High | 7.4 | umbracocms.core.7.15.0.nupkg | Upgrade to version: Umbraco.Cms.Core - 9.2.0 | None | |
High | 7.2 | umbracocms.7.15.0.nupkg | Upgrade to version: underscore - 1.12.1,1.13.0-2 | None | |
Medium | 6.5 | umbracocms.7.15.0.nupkg | Upgrade to version: UmbracoCms - 8.5.4 | None | |
Medium | 6.5 | umbracocms.7.15.0.nupkg | Upgrade to version: UmbracoCms - 8.6.7,8.9.2,7.15.7,8.8.3,8.7.2,8.10.0 | None | |
Medium | 6.5 | umbracocms.7.15.0.nupkg | Upgrade to version: moment - 2.11.2 | None | |
CVE-2016-4055 Path to vulnerable library: /src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/moment/moment.min.js,/src/Merchello.FastTrack.Ui/Umbraco/lib/moment/moment.min.js Dependency Hierarchy: -> ❌ moment-2.10.6.min.js (Vulnerable Library) |
Medium | 6.5 | moment-2.10.6.min.js | Upgrade to version: moment - 2.11.2 | None |
Medium | 6.1 | umbracocms.7.15.0.nupkg | Upgrade to version: tinymce - 5.7.1 | None | |
WS-2021-0133 Path to vulnerable library: /src/Merchello.FastTrack.Ui/App_Data/NuGetBackup/20160823-095311/Umbraco/lib/tinymce/tinymce.min.js Dependency Hierarchy: -> ❌ tinymce-4.1.10.min.js (Vulnerable Library) |
Medium | 6.1 | tinymce-4.1.10.min.js | Upgrade to version: tinymce - 5.7.1 | None |
WS-2021-0133 Path to vulnerable library: /src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/tinymce/tinymce.min.js,/src/Merchello.FastTrack.Ui/Umbraco/lib/tinymce/tinymce.min.js Dependency Hierarchy: -> ❌ tinymce-4.9.5.min.js (Vulnerable Library) |
Medium | 6.1 | tinymce-4.9.5.min.js | Upgrade to version: tinymce - 5.7.1 | None |
Medium | 6.1 | umbracocms.7.15.0.nupkg | Upgrade to version: tinymce - 5.4.1, 4.9.11 | None | |
WS-2020-0142 Path to vulnerable library: /src/Merchello.FastTrack.Ui/App_Data/NuGetBackup/20160823-095311/Umbraco/lib/tinymce/tinymce.min.js Dependency Hierarchy: -> ❌ tinymce-4.1.10.min.js (Vulnerable Library) |
Medium | 6.1 | tinymce-4.1.10.min.js | Upgrade to version: tinymce - 5.4.1, 4.9.11 | None |
WS-2020-0142 Path to vulnerable library: /src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/tinymce/tinymce.min.js,/src/Merchello.FastTrack.Ui/Umbraco/lib/tinymce/tinymce.min.js Dependency Hierarchy: -> ❌ tinymce-4.9.5.min.js (Vulnerable Library) |
Medium | 6.1 | tinymce-4.9.5.min.js | Upgrade to version: tinymce - 5.4.1, 4.9.11 | None |
Medium | 6.1 | umbracocms.7.15.0.nupkg | Upgrade to version: 1.6.9 | None | |
Medium | 6.1 | umbracocms.7.15.0.nupkg | Upgrade to version: tinymce - 5.6.0 | None | |
CVE-2024-21911 Path to vulnerable library: /src/Merchello.FastTrack.Ui/App_Data/NuGetBackup/20160823-095311/Umbraco/lib/tinymce/tinymce.min.js Dependency Hierarchy: -> ❌ tinymce-4.1.10.min.js (Vulnerable Library) |
Medium | 6.1 | tinymce-4.1.10.min.js | Upgrade to version: tinymce - 5.6.0 | None |
CVE-2024-21911 Path to vulnerable library: /src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/tinymce/tinymce.min.js,/src/Merchello.FastTrack.Ui/Umbraco/lib/tinymce/tinymce.min.js Dependency Hierarchy: -> ❌ tinymce-4.9.5.min.js (Vulnerable Library) |
Medium | 6.1 | tinymce-4.9.5.min.js | Upgrade to version: tinymce - 5.6.0 | None |
Medium | 6.1 | umbracocms.7.15.0.nupkg | Upgrade to version: TinyMCE - 5.10.0, tinymce/tinymce - 5.10.0, TinyMCE - 5.10.0 | None | |
CVE-2024-21910 Path to vulnerable library: /src/Merchello.FastTrack.Ui/App_Data/NuGetBackup/20160823-095311/Umbraco/lib/tinymce/tinymce.min.js Dependency Hierarchy: -> ❌ tinymce-4.1.10.min.js (Vulnerable Library) |
Medium | 6.1 | tinymce-4.1.10.min.js | Upgrade to version: TinyMCE - 5.10.0, tinymce/tinymce - 5.10.0, TinyMCE - 5.10.0 | None |
CVE-2024-21910 Path to vulnerable library: /src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/tinymce/tinymce.min.js,/src/Merchello.FastTrack.Ui/Umbraco/lib/tinymce/tinymce.min.js Dependency Hierarchy: -> ❌ tinymce-4.9.5.min.js (Vulnerable Library) |
Medium | 6.1 | tinymce-4.9.5.min.js | Upgrade to version: TinyMCE - 5.10.0, tinymce/tinymce - 5.10.0, TinyMCE - 5.10.0 | None |
Medium | 6.1 | umbracocms.7.15.0.nupkg | Upgrade to version: tinymce - 5.9.0 | None | |
CVE-2024-21908 Path to vulnerable library: /src/Merchello.FastTrack.Ui/App_Data/NuGetBackup/20160823-095311/Umbraco/lib/tinymce/tinymce.min.js Dependency Hierarchy: -> ❌ tinymce-4.1.10.min.js (Vulnerable Library) |
Medium | 6.1 | tinymce-4.1.10.min.js | Upgrade to version: tinymce - 5.9.0 | None |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2022-29244 | npm-6.14.6.tgz |
CVE-2023-49279 | umbracocms.core.7.5.0.nupkg |
CVE-2024-28863 | tar-4.4.13.tgz |
CVE-2020-7774 | y18n-4.0.0.tgz |
CVE-2022-25883 | semver-5.7.1.tgz |
CVE-2022-33987 | got-6.7.1.tgz |
CVE-2021-23343 | path-parse-1.0.6.tgz |
CVE-2020-9471 | umbracocms.core.7.5.0.nupkg |
CVE-2021-32803 | tar-4.4.13.tgz |
CVE-2021-37713 | tar-4.4.13.tgz |
CVE-2021-27290 | ssri-6.0.1.tgz |
CVE-2022-38900 | decode-uri-component-0.2.0.tgz |
CVE-2020-8116 | dot-prop-4.2.0.tgz |
CVE-2022-22690 | umbracocms.core.7.5.0.nupkg |
CVE-2024-29415 | ip-1.1.5.tgz |
CVE-2020-7788 | ini-1.3.5.tgz |
CVE-2022-22691 | umbracocms.core.7.5.0.nupkg |
CVE-2021-37701 | tar-4.4.13.tgz |
CVE-2020-7608 | yargs-parser-9.0.2.tgz |
CVE-2021-32804 | tar-4.4.13.tgz |
CVE-2021-23362 | hosted-git-info-2.8.8.tgz |
CVE-2022-25881 | http-cache-semantics-3.8.1.tgz |
CVE-2021-37712 | tar-4.4.13.tgz |
CVE-2023-42282 | ip-1.1.5.tgz |
Base branch total remaining vulnerabilities: 312
Base branch commit: null
Total libraries scanned: 1260
Scan token: b08f3c55191d48ccbfc6067c07305104