Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Dependency | Vulnerability IDs | Package | Highest Severity | CVE Count | Confidence | Evidence Count |
---|---|---|---|---|---|---|
.eslintrc.js | | | | 0 | | 0 |
admin_settings.spec.js | | | | 0 | | 0 |
cached-path-relative:1.0.2 | | pkg:npm/cached-path-relative@1.0.2 | high | 1 | | 3 |
commands.js | | | | 0 | | 0 |
de.js | | | | 0 | | 0 |
eidlogin-adminsettings.js | | | | 0 | | 0 |
eidlogin-personalsettings.js | | | | 0 | | 0 |
index.js | | | | 0 | | 0 |
index.js | | | | 0 | | 0 |
metadata.spec.js | | | | 0 | | 0 |
minimist:1.2.5 | | pkg:npm/minimist@1.2.5 | critical | 1 | | 3 |
nanoid:3.1.30 | | pkg:npm/nanoid@3.1.30 | moderate | 1 | | 3 |
personal_settings_login.spec.js | | | | 0 | | 0 |
php-saml:dev-master | | pkg:composer/eid-login/php-saml@dev-master | | 0 | | 3 |
phpseclib:2.0.35 | cpe:2.3:a:phpseclib:phpseclib:2.0.35:*:*:*:*:*:*:* | pkg:composer/phpseclib/phpseclib@2.0.35 | | 0 | Highest | 3 |
webpack.config.js | | | | 0 | | 0 |
xmlseclibs:1.0.0 | | pkg:composer/eid-login/xmlseclibs@1.0.0 | | 0 | | 3 |

File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/.eslintrc.js
MD5: 9a2fad71d0b7a21c233b793e1780f357
SHA1: 174af4e3dda30558d642bbfafdcdcd48c14b6408
SHA256: 7091cceae7e9ff77ecd02b7c5d55c566212ddfcd37c8517d2ecaaa3db647a062
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/cypress/integration/admin_settings.spec.js
MD5: d228b818fbe235b8c472d9d0f3eadc47
SHA1: f9ba3db5e499b499d4133e4b99d5e0effb09b6cd
SHA256: 7a682939165f171b4404f50063b34165e3f9abcb4af974626c56cde72418b18e
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/package-lock.json?cached-path-relative
Referenced In Project/Scope: package-lock.json: transitive
The package cached-path-relative before 1.1.0 is vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573
Unscored:
Vulnerable Software & Versions (NPM):
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/cypress/support/commands.js
MD5: cc6392151b985be9b29fb0609de9c6ac
SHA1: f8adb9d558ddadcfec452b76645ba88f34eb1976
SHA256: 8331fe7e18aa326585ecae7c18777ea34b2968a0503008cfe746359dd07fce88
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/l10n/de.js
MD5: 73ad60a1b5fdb35abb10db45d74aa6c8
SHA1: 321e2e22f4f0ab8fb633b99735e8ba05d78539a7
SHA256: fb10a306b5964a262811dd1a1f3a94c19cf155c8f89549d650e3eb85cf2e300c
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/src/eidlogin-adminsettings.js
MD5: 3946520d60cfb31afa0e0dac336ed7c5
SHA1: f6d19f2e6e71af45fc4d4026b9061d6d8ff94a65
SHA256: 01e4fab7b234ecb33ecf8c459946ac8967200ffea384a3fde65033bacc066b18
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/src/eidlogin-personalsettings.js
MD5: 452c9fbdfc764c971c0dbc993a0e24c1
SHA1: b8d83733ea6ba5aabef930fb750c25608f80c9ff
SHA256: 9b74438ecde8bd4da63bf2a7d7fb54069c9c45c7a567709b557303848a74ec16
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/cypress/plugins/index.js
MD5: 7c4a86efd6e96969bd3d44c7335fafec
SHA1: 7727f80f3d86a3e32dd27f8848c06b6638327833
SHA256: 2e75690fc9ff0ea6a5468294b0794d2b1945542bf60cf66ddba27ab2a2fe7a6f
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/cypress/support/index.js
MD5: 9271614a3a318a9eda003e3f59bdb747
SHA1: dc7f43b7102568f8164f2a9ba0c6eb6d5f9e05cc
SHA256: c22e3efa63022d893017c3d0a528b661fa957a0f2dfa95bbb5fe5e54187cee83
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/cypress/integration/metadata.spec.js
MD5: a5613f900adfd21f1129ef4ee5a5de06
SHA1: a441c8ff1d6521be1f78fb4187d913e43d8f13cd
SHA256: 4b17dd9683ddc80d670641b1e62f32a226b8d210f52d992ea2c76a5b66f48665
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/package-lock.json?minimist
Referenced In Project/Scope: package-lock.json: transitive
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Unscored:
Vulnerable Software & Versions (NPM):
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/package-lock.json?nanoid
Referenced In Project/Scope: package-lock.json: transitive
The package nanoid from 3.0.0, before 3.1.31, is vulnerable to Information Exposure via the valueOf() function, which allows reproducing the last id generated.
Unscored:
Vulnerable Software & Versions (NPM):
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/cypress/integration/personal_settings_login.spec.js
MD5: f115c4424967b1faac679caab33b2c1b
SHA1: 9833ee2a3ff64f009d9a0be26244d1ff6d9d8757
SHA256: d0210743f0a91e0ff5dda2f95b722507e24a03a22d17d6a570b7d4e3b2ad15d8
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/composer.lock:eid-login/php-saml/dev-master
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/composer.lock:phpseclib/phpseclib/2.0.35
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/webpack.config.js
MD5: 40754ea46bafa622059203e16e4ccb11
SHA1: cc7c48ee208e9cc0b80bf29f57114fe71993eb05
SHA256: 1bf19c44fc7b2a619321c3b23dcdddad0badcc8c2daa058861bcde48041a03a0
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-nextcloud/composer.lock:eid-login/xmlseclibs/1.0.0