From 20a96cc20a9487a4d4c0ff496b6bc5e0e220830d Mon Sep 17 00:00:00 2001
From: SemProvoost <27961543+SemProvoost@users.noreply.github.com>
Date: Tue, 24 Dec 2024 14:24:15 +0100
Subject: [PATCH] Reapply "Merge pull request #5 from AikidoSec/test-pr-5"
This reverts commit 180428baa26d6b8379db9c0f328cbee44ed76ba1.
---
 input/new.json | 51 +++++++++++++++++++++++++++++--------------------
 1 file changed, 30 insertions(+), 21 deletions(-)
diff --git a/input/new.json b/input/new.json
index af0d52f..04c24c9 100644
--- a/input/new.json
+++ b/input/new.json
@@ -1,22 +1,31 @@
 {
- "package_name": "",
- "patch_versions": [],
- "vulnerable_ranges": [],
- "cwe": [],
- "tldr": "",
- "doest_this_affect_me": "",
- "how_to_fix": "",
- "reporter": "",
- "vulnerable_to": "",
- "related_cve_id": "",
- "language": "",
- "severity_class": "",
- "aikido_score": 0,
- "changelog": "",
- "package_name_alias": null,
- "package_wildcard_ends_in": null,
- "package_wildcard_contains": null,
- "extra_specific_non_vulnerable_versions": null,
- "unaffected_distros": null,
- "simplify_version_if_has_patch_part": false
-}
+ "package_name": "@tiptap/extension-link",
+ "patch_versions": [
+ "2.10.4"
+ ],
+ "vulnerable_ranges": [
+ [
+ "2.0.0",
+ "2.10.3"
+ ]
+ ],
+ "cwe": [
+ "CWE-79"
+ ],
+ "tldr": "Affected versions of this package do not validate link protocols before setting or toggling links, making them vulnerable to Cross-site Scripting (XSS). Attackers can exploit this flaw to inject malicious scripts, potentially compromising user data or executing unauthorized actions.",
+ "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+ "how_to_fix": "Upgrade the `@tiptap/extension-link` library to the patch version.",
+ "reporter": "",
+ "vulnerable_to": "Cross-site Scripting (XSS)",
+ "related_cve_id": "",
+ "language": "JS",
+ "severity_class": "MEDIUM",
+ "aikido_score": 46,
+ "changelog": "https://github.com/ueberdosis/tiptap/releases/tag/v2.10.4",
+ "package_name_alias": null,
+ "package_wildcard_ends_in": null,
+ "package_wildcard_contains": null,
+ "extra_specific_non_vulnerable_versions": null,
+ "unaffected_distros": null,
+ "simplify_version_if_has_patch_part": false
+}
\ No newline at end of file
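Review bot: `related_cve_id` and `reporter` stay empty strings on the new side while every other advisory field is filled in, so any consumer that correlates records by CVE or attributes findings to a reporter will silently skip this entry; either populate them from the upstream advisory or, if no CVE has been assigned yet, make that state explicit (for example `"related_cve_id": null` with the meaning documented in the schema) instead of reusing `""`, which is indistinguishable from "not yet filled in". The `vulnerable_ranges` pair `["2.0.0", "2.10.3"]` does not say whether both bounds are inclusive; since `2.10.3` is the last affected release and `2.10.4` the patch, this is presumably inclusive, but the convention is worth a one-line note wherever the schema is described so range matching is not off by one at the upper bound. On a smaller point, the new file ends without a trailing newline (`\ No newline at end of file`), which any `jq`/formatter round-trip will change and produce a noisy follow-up diff. The key `doest_this_affect_me` reads as a typo for `does_this_affect_me`, but it is pre-existing schema shared with the template this hunk replaces, so it should only be renamed in a coordinated change across all records and consumers.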