Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.


Project: eID nextcloud

Summary

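| Dependency | Vulnerability IDs | Package | Highest Severity | CVE Count | Confidence | Evidence Count |
|---|---|---|---|---|---|---|
| .eslintrc.js | | | | 0 | | 0 |
| admin_settings.spec.js | | | | 0 | | 0 |
| cached-path-relative:1.0.2 | | pkg:npm/cached-path-relative@1.0.2 | high | 1 | | 3 |
| commands.js | | | | 0 | | 0 |
| de.js | | | | 0 | | 0 |
| eidlogin-adminsettings.js | | | | 0 | | 0 |
| eidlogin-personalsettings.js | | | | 0 | | 0 |
| index.js | | | | 0 | | 0 |
| index.js | | | | 0 | | 0 |
| metadata.spec.js | | | | 0 | | 0 |
| minimist:1.2.5 | | pkg:npm/minimist@1.2.5 | critical | 1 | | 3 |
| nanoid:3.1.30 | | pkg:npm/nanoid@3.1.30 | moderate | 1 | | 3 |
| personal_settings_login.spec.js | | | | 0 | | 0 |
| php-saml:dev-master | | pkg:composer/eid-login/php-saml@dev-master | | 0 | | 3 |
| phpseclib:2.0.35 | cpe:2.3:a:phpseclib:phpseclib:2.0.35:*:*:*:*:*:*:* | pkg:composer/phpseclib/phpseclib@2.0.35 | | 0 | Highest | 3 |
| webpack.config.js | | | | 0 | | 0 |
| xmlseclibs:1.0.0 | | pkg:composer/eid-login/xmlseclibs@1.0.0 | | 0 | | 3 |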

Dependencies

.eslintrc.js

File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/.eslintrc.js
MD5: 9a2fad71d0b7a21c233b793e1780f357
SHA1: 174af4e3dda30558d642bbfafdcdcd48c14b6408
SHA256:7091cceae7e9ff77ecd02b7c5d55c566212ddfcd37c8517d2ecaaa3db647a062

Identifiers

  • None

admin_settings.spec.js

File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/cypress/integration/admin_settings.spec.js
MD5: d228b818fbe235b8c472d9d0f3eadc47
SHA1: f9ba3db5e499b499d4133e4b99d5e0effb09b6cd
SHA256:7a682939165f171b4404f50063b34165e3f9abcb4af974626c56cde72418b18e

Identifiers

  • None

cached-path-relative:1.0.2

File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/package-lock.json?cached-path-relative

Referenced In Project/Scope: package-lock.json: transitive

Identifiers

NPM-1067439  

The package cached-path-relative before 1.1.0 is vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573
Unscored:
  • Severity: high

References:
  • Advisory 1067439: Prototype Pollution in cached-path-relative
      • https://nvd.nist.gov/vuln/detail/CVE-2021-23518
      • https://github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760
      • https://snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-2342653
      • https://github.com/advisories/GHSA-wg6g-ppvx-927h

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:cached-path-relative:\<1.1.0:*:*:*:*:*:*:*

commands.js

File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/cypress/support/commands.js
MD5: cc6392151b985be9b29fb0609de9c6ac
SHA1: f8adb9d558ddadcfec452b76645ba88f34eb1976
SHA256:8331fe7e18aa326585ecae7c18777ea34b2968a0503008cfe746359dd07fce88

Identifiers

  • None

de.js

File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/l10n/de.js
MD5: 73ad60a1b5fdb35abb10db45d74aa6c8
SHA1: 321e2e22f4f0ab8fb633b99735e8ba05d78539a7
SHA256:fb10a306b5964a262811dd1a1f3a94c19cf155c8f89549d650e3eb85cf2e300c

Identifiers

  • None

eidlogin-adminsettings.js

File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/src/eidlogin-adminsettings.js
MD5: 3946520d60cfb31afa0e0dac336ed7c5
SHA1: f6d19f2e6e71af45fc4d4026b9061d6d8ff94a65
SHA256:01e4fab7b234ecb33ecf8c459946ac8967200ffea384a3fde65033bacc066b18

Identifiers

  • None

eidlogin-personalsettings.js

File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/src/eidlogin-personalsettings.js
MD5: 452c9fbdfc764c971c0dbc993a0e24c1
SHA1: b8d83733ea6ba5aabef930fb750c25608f80c9ff
SHA256:9b74438ecde8bd4da63bf2a7d7fb54069c9c45c7a567709b557303848a74ec16

Identifiers

  • None

index.js

File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/cypress/plugins/index.js
MD5: 7c4a86efd6e96969bd3d44c7335fafec
SHA1: 7727f80f3d86a3e32dd27f8848c06b6638327833
SHA256:2e75690fc9ff0ea6a5468294b0794d2b1945542bf60cf66ddba27ab2a2fe7a6f

Identifiers

  • None

index.js

File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/cypress/support/index.js
MD5: 9271614a3a318a9eda003e3f59bdb747
SHA1: dc7f43b7102568f8164f2a9ba0c6eb6d5f9e05cc
SHA256:c22e3efa63022d893017c3d0a528b661fa957a0f2dfa95bbb5fe5e54187cee83

Identifiers

  • None

metadata.spec.js

File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/cypress/integration/metadata.spec.js
MD5: a5613f900adfd21f1129ef4ee5a5de06
SHA1: a441c8ff1d6521be1f78fb4187d913e43d8f13cd
SHA256:4b17dd9683ddc80d670641b1e62f32a226b8d210f52d992ea2c76a5b66f48665

Identifiers

  • None

minimist:1.2.5

File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/package-lock.json?minimist

Referenced In Project/Scope: package-lock.json: transitive

Identifiers

NPM-1067342  

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Unscored:
  • Severity: critical

References:
  • Advisory 1067342: Prototype Pollution in minimist
      • https://nvd.nist.gov/vuln/detail/CVE-2021-44906
      • https://github.com/substack/minimist/issues/164
      • https://github.com/substack/minimist/blob/master/index.js#L69
      • https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
      • https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068
      • https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip
      • https://github.com/advisories/GHSA-xvch-5gv4-984h

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:minimist:\<1.2.6:*:*:*:*:*:*:*

nanoid:3.1.30

File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/package-lock.json?nanoid

Referenced In Project/Scope: package-lock.json: transitive

Identifiers

NPM-1067367  

Versions of the package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function, which allows the last id generated to be reproduced.
Unscored:
  • Severity: moderate

References:
  • Advisory 1067367: Exposure of Sensitive Information to an Unauthorized Actor in nanoid
      • https://nvd.nist.gov/vuln/detail/CVE-2021-23566
      • https://github.com/ai/nanoid/pull/328
      • https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575
      • https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444
      • https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550
      • https://snyk.io/vuln/SNYK-JS-NANOID-2332193
      • https://github.com/advisories/GHSA-qrpm-p2h7-hrv2

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:nanoid:\>\=3.0.0\<3.1.31:*:*:*:*:*:*:*

personal_settings_login.spec.js

File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/cypress/integration/personal_settings_login.spec.js
MD5: f115c4424967b1faac679caab33b2c1b
SHA1: 9833ee2a3ff64f009d9a0be26244d1ff6d9d8757
SHA256:d0210743f0a91e0ff5dda2f95b722507e24a03a22d17d6a570b7d4e3b2ad15d8

Identifiers

  • None

php-saml:dev-master

File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/composer.lock:eid-login/php-saml/dev-master

Identifiers

phpseclib:2.0.35

File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/composer.lock:phpseclib/phpseclib/2.0.35

Identifiers

webpack.config.js

File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/webpack.config.js
MD5: 40754ea46bafa622059203e16e4ccb11
SHA1: cc7c48ee208e9cc0b80bf29f57114fe71993eb05
SHA256:1bf19c44fc7b2a619321c3b23dcdddad0badcc8c2daa058861bcde48041a03a0

Identifiers

  • None

xmlseclibs:1.0.0

File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/composer.lock:eid-login/xmlseclibs/1.0.0

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the NPM Public Advisories.
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.