Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Dependency | Vulnerability IDs | Package | Highest Severity | CVE Count | Confidence | Evidence Count |
---|---|---|---|---|---|---|
ansi-regex:5.0.0 | pkg:npm/ansi-regex@5.0.0 | high | 1 | 3 | ||
async:3.2.0 | pkg:npm/async@3.2.0 | high | 1 | 3 | ||
commands.js | 0 | 0 | ||||
eidlogin-admin.js | 0 | 0 | ||||
index.js | 0 | 0 | ||||
index.js | 0 | 0 | ||||
json-schema:0.2.3 | pkg:npm/json-schema@0.2.3 | moderate | 1 | 3 | ||
login.spec.js | 0 | 0 | ||||
metadata.spec.js | 0 | 0 | ||||
minimist:1.2.5 | pkg:npm/minimist@1.2.5 | critical | 1 | 3 | ||
php-saml:1.0.0 | pkg:composer/eid-login/php-saml@1.0.0 | 0 | 3 | |||
phpseclib:2.0.32 | cpe:2.3:a:phpseclib:phpseclib:2.0.32:*:*:*:*:*:*:* | pkg:composer/phpseclib/phpseclib@2.0.32 | 0 | Highest | 3 | |
polyfill-ctype:1.23.0 | pkg:composer/symfony/polyfill-ctype@1.23.0 | 0 | 4 | |||
polyfill-mbstring:1.23.0 | pkg:composer/symfony/polyfill-mbstring@1.23.0 | 0 | 4 | |||
settings.spec.js | 0 | 0 | ||||
skidentity.spec.js | 0 | 0 | ||||
twig:3.3.2 | pkg:composer/twig/twig@3.3.2 | 0 | 3 | |||
xmlseclibs:1.0.0 | pkg:composer/eid-login/xmlseclibs@1.0.0 | 0 | 3 |
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-wordpress/package-lock.json?ansi-regex
Referenced In Project/Scope:package-lock.json: transitive
ansi-regex is vulnerable to Inefficient Regular Expression ComplexityUnscored:
Vulnerable Software & Versions (NPM):
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-wordpress/package-lock.json?async
Referenced In Project/Scope:package-lock.json: transitive
A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x (fixed in 3.2.2 and 2.6.4), which could let a malicious user obtain privileges via the `mapValues()` method.Unscored:
Vulnerable Software & Versions (NPM):
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-wordpress/cypress/support/commands.js
MD5: 0f988f6f2acdd819d496a65d88f1d393
SHA1: 2998e545072a527f1de3ca22a451b7b5bce5864e
SHA256:3d6d102f03e189af712a885e1fd452dbe315ff373720440b91f1e5795ed830c2
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-wordpress/admin/js/eidlogin-admin.js
MD5: 7826986619369196b732456a762654a6
SHA1: f8dd24fa6ec91288d9b18729fcfb4ff5cd683130
SHA256:7855ea28d63a82661a096ac7cd72d7e2d47d934fb18091676feabe036ee44e50
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-wordpress/cypress/plugins/index.js
MD5: b04224fd615320863c8fedbf0e6efb82
SHA1: 48cfbe79907cd1765ff05a94f16fab49a52c3ddb
SHA256:0f9827249cd0376d4e1b2cff2cea296890e3418d1b29b4b5fbe2db7107606513
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-wordpress/cypress/support/index.js
MD5: 3877ba97a1c835641187d4ae88c906bb
SHA1: 40729590711a7deb33422fd3bd5b4ec697c5d96f
SHA256:d186036d790efe3f6db36ff0b659eb06897baf108a32f9a05c040eacd5671e22
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-wordpress/package-lock.json?json-schema
Referenced In Project/Scope:package-lock.json: transitive
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')Unscored:
Vulnerable Software & Versions (NPM):
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-wordpress/cypress/integration/login.spec.js
MD5: 2538932ec4967549751f4451ecd53bde
SHA1: 3d982b3eec567a4c464a842a913ab42796ff5166
SHA256:e8e53922c374701934cb74cfcfdded3a3e0391c0b21351bbf23e95361a534d6c
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-wordpress/cypress/integration/metadata.spec.js
MD5: eda1f43fc2269ded00e225d3e63a1539
SHA1: 14d765547e3914a7ff4cd78989c44b42e5897bbc
SHA256:9b1e0cc575f7af98873fea6ed85879a10e6430a77260ac664e177f3f6984b0f3
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-wordpress/package-lock.json?minimist
Referenced In Project/Scope:package-lock.json: transitive
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).Unscored:
Vulnerable Software & Versions (NPM):
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-wordpress/composer.lock:eid-login/php-saml/1.0.0
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-wordpress/composer.lock:phpseclib/phpseclib/2.0.32
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-wordpress/composer.lock:symfony/polyfill-ctype/1.23.0
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-wordpress/composer.lock:symfony/polyfill-mbstring/1.23.0
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-wordpress/cypress/integration/settings.spec.js
MD5: 358d31cb233278c18c25f06af5559263
SHA1: e4af3e898a9419c614151b0b2023cfefcd64d52b
SHA256:4befa99a4e8ca4229e11f3eb50b1e603f57bb990a094966b98849dc0d8a7db98
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-wordpress/cypress/integration/skidentity.spec.js
MD5: e3e571b19774f3f70bc1d59cc367372b
SHA1: 06fd5da8f87289efe28ce8bd7313a3d0c2b55b94
SHA256:7c949787cab0bfb0de1695ecc5d3674922519eca7e2d78e47f859459d46316a3
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-wordpress/composer.lock:twig/twig/3.3.2
File Path: /Users/aelchlepp/DEV/mgm/BSI/eid/eid-login-wordpress/composer.lock:eid-login/xmlseclibs/1.0.0