{ "vulnerabilities": [{ "category": "dependency_scanning", "name": "Vulnerability for remediation testing 1", "message": "This vulnerability should have ONE remediation", "description": "", "cve": "CVE-2137", "severity": "High", "solution": "Upgrade to latest version.", "scanner": { "id": "gemnasium", "name": "Gemnasium" }, "location": {}, "identifiers": [{ "type": "GitLab", "name": "Foo vulnerability", "value": "foo" }], "links": [{ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2137" }], "details": { "commit": { "name": [{ "lang": "en", "value": "The Commit" }], "description": [{ "lang": "en", "value": "Commit where the vulnerability was identified" }], "type": "commit", "value": "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19" } } }, { "category": "dependency_scanning", "name": "Vulnerability for remediation testing 2", "message": "This vulnerability should have ONE remediation", "description": "", "cve": "CVE-2138", "severity": "High", "solution": "Upgrade to latest version.", "scanner": { "id": "gemnasium", "name": "Gemnasium" }, "location": {}, "identifiers": [{ "type": "GitLab", "name": "Foo vulnerability", "value": "foo" }], "links": [{ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2138" }], "details": { "commit": { "name": [{ "lang": "en", "value": "The Commit" }], "description": [{ "lang": "en", "value": "Commit where the vulnerability was identified" }], "type": "commit", "value": "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19" } } }, { "category": "dependency_scanning", "name": "Vulnerability for remediation testing 3", "message": "Remediation for this vulnerability should remediate CVE-2140 as well", "description": "", "cve": "CVE-2139", "severity": "High", "solution": "Upgrade to latest version.", "scanner": { "id": "gemnasium", "name": "Gemnasium" }, "location": {}, "identifiers": [{ "type": "GitLab", "name": "Foo vulnerability", "value": "foo" }], "links": [{ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2139" }], "details": { "commit": { "name": [{ "lang": "en", "value": "The Commit" }], "description": [{ "lang": "en", "value": "Commit where the vulnerability was identified" }], "type": "commit", "value": "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19" } } }, { "category": "dependency_scanning", "name": "Vulnerability for remediation testing 4", "message": "Remediation for this vulnerability should remediate CVE-2139 as well", "description": "", "cve": "CVE-2140", "severity": "High", "solution": "Upgrade to latest version.", "scanner": { "id": "gemnasium", "name": "Gemnasium" }, "location": {}, "identifiers": [{ "type": "GitLab", "name": "Foo vulnerability", "value": "foo" }], "links": [{ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2140" }], "details": { "commit": { "name": [{ "lang": "en", "value": "The Commit" }], "description": [{ "lang": "en", "value": "Commit where the vulnerability was identified" }], "type": "commit", "value": "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19" } } }, { "category": "dependency_scanning", "name": "Vulnerabilities in libxml2", "message": "Vulnerabilities in libxml2 in nokogiri", "description": "", "cve": "CVE-1020", "severity": "High", "solution": "Upgrade to latest version.", "scanner": { "id": "gemnasium", "name": "Gemnasium" }, "evidence": { "source": { "id": "assert:CORS - Bad 'Origin' value", "name": "CORS - Bad 'Origin' value" }, "summary": "The Origin header was changed to an invalid value of http://peachapisecurity.com and the response contained an Access-Control-Allow-Origin header which included this invalid Origin, indicating that the CORS configuration on the server is overly permissive.\n\n\n", "request": { "headers": [{ "name": "Host", "value": "127.0.0.1:7777" }], "method": "GET", "url": "http://127.0.0.1:7777/api/users", "body": "" }, "response": { "headers": [{ "name": "Server", "value": "TwistedWeb/20.3.0" }], "reason_phrase": "OK", "status_code": 200, "body": "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]" }, "supporting_messages": [{ "name": "Origional", "request": { "headers": [{ "name": "Host", "value": "127.0.0.1:7777" }], "method": "GET", "url": "http://127.0.0.1:7777/api/users", "body": "" } }, { "name": "Recorded", "request": { "headers": [{ "name": "Host", "value": "127.0.0.1:7777" }], "method": "GET", "url": "http://127.0.0.1:7777/api/users", "body": "" }, "response": { "headers": [{ "name": "Server", "value": "TwistedWeb/20.3.0" }], "reason_phrase": "OK", "status_code": 200, "body": "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]" } } ] }, "location": {}, "identifiers": [{ "type": "GitLab", "name": "Foo vulnerability", "value": "foo" }], "links": [{ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1020" }], "details": { "commit": { "name": [{ "lang": "en", "value": "The Commit" }], "description": [{ "lang": "en", "value": "Commit where the vulnerability was identified" }], "type": "commit", "value": "41df7b7eb3be2b5be2c406c2f6d28cd6631eeb19" } } }, { "id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3", "category": "dependency_scanning", "name": "Regular Expression Denial of Service", "message": "Regular Expression Denial of Service in debug", "description": "", "cve": "CVE-1030", "severity": "Unknown", "solution": "Upgrade to latest versions.", "scanner": { "id": "gemnasium", "name": "Gemnasium" }, "evidence": { "source": { "id": "assert:CORS - Bad 'Origin' value", "name": "CORS - Bad 'Origin' value" }, "summary": "The Origin header was changed to an invalid value of http://peachapisecurity.com and the response contained an Access-Control-Allow-Origin header which included this invalid Origin, indicating that the CORS configuration on the server is overly permissive.\n\n\n", "request": { "headers": [{ "name": "Host", "value": "127.0.0.1:7777" }], "method": "GET", "url": "http://127.0.0.1:7777/api/users", "body": "" }, "response": { "headers": [{ "name": "Server", "value": "TwistedWeb/20.3.0" }], "reason_phrase": "OK", "status_code": 200, "body": "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]" }, "supporting_messages": [{ "name": "Origional", "request": { "headers": [{ "name": "Host", "value": "127.0.0.1:7777" }], "method": "GET", "url": "http://127.0.0.1:7777/api/users", "body": "" } }, { "name": "Recorded", "request": { "headers": [{ "name": "Host", "value": "127.0.0.1:7777" }], "method": "GET", "url": "http://127.0.0.1:7777/api/users", "body": "" }, "response": { "headers": [{ "name": "Server", "value": "TwistedWeb/20.3.0" }], "reason_phrase": "OK", "status_code": 200, "body": "[{\"user_id\":1,\"user\":\"admin\",\"first\":\"Joe\",\"last\":\"Smith\",\"password\":\"Password!\"}]" } } ] }, "location": {}, "identifiers": [{ "type": "GitLab", "name": "Bar vulnerability", "value": "bar" }], "links": [{ "name": "CVE-1030", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1030" }] }, { "category": "dependency_scanning", "name": "Authentication bypass via incorrect DOM traversal and canonicalization", "message": "Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js", "description": "", "cve": "yarn/yarn.lock:saml2-js:gemnasium:9952e574-7b5b-46fa-a270-aeb694198a98", "severity": "Unknown", "solution": "Upgrade to fixed version.\r\n", "scanner": { "id": "gemnasium", "name": "Gemnasium" }, "location": {}, "identifiers": [], "links": [] } ], "remediations": [{ "fixes": [{ "cve": "CVE-2137" }], "summary": "this remediates CVE-2137", "diff": "dG90YWxseSBsZWdpdCBkaWZm" }, { "fixes": [{ "cve": "CVE-2138" }], "summary": "this remediates CVE-2138", "diff": "dG90YWxseSBsZWdpdCBkaWZm" }, { "fixes": [{ "cve": "CVE-2139" }, { "cve": "CVE-2140" }], "summary": "this remediates CVE-2139 and CVE-2140", "diff": "dG90YWxseSBsZWdpdGltYXRlIGRpZmYsIDEwLzEwIHdvdWxkIGFwcGx5" }, { "fixes": [{ "cve": "CVE-1020" }], "summary": "", "diff": "" }, { "fixes": [{ "cve": "CVE", "id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3" }], "summary": "", "diff": "" }, { "fixes": [{ "cve": "CVE", "id": "bb2fbeb1b71ea360ce3f86f001d4e84823c3ffe1a1f7d41ba7466b14cfa953d3" }], "summary": "", "diff": "" }, { "fixes": [{ "id": "2134", "cve": "CVE-1" }], "summary": "", "diff": "" } ], "dependency_files": [], "scan": { "analyzer": { "id": "common-analyzer", "name": "Common Analyzer", "url": "https://site.com/analyzer/common", "version": "2.0.1", "vendor": { "name": "Common" } }, "scanner": { "id": "gemnasium", "name": "Gemnasium", "url": "https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven", "vendor": { "name": "GitLab" }, "version": "2.18.0" }, "type": "dependency_scanning", "start_time": "placeholder-value", "end_time": "placeholder-value", "status": "success" }, "version": "14.0.2" }