Merge pull request #5490 from zapbot/retirejs-update

retire.js Update 2024-06-02
zaproxy · Jun 2, 2024 · 6c0e379 · 6c0e379
2 parents e10712a + a5f89c9
commit 6c0e379
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 4 deletions.
diff --git a/addOns/retire/CHANGELOG.md b/addOns/retire/CHANGELOG.md
@@ -4,6 +4,9 @@ All notable changes to this add-on will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
+### Changed
+- Updated with upstream retire.js pattern changes.
+
 
 
 ## [0.35.0] - 2024-05-07

diff --git a/addOns/retire/src/main/resources/org/zaproxy/addon/retire/resources/jsrepository.json b/addOns/retire/src/main/resources/org/zaproxy/addon/retire/resources/jsrepository.json
@@ -1227,8 +1227,7 @@
           "summary": "The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs",
           "githubID": "GHSA-27gm-ghr9-4v95",
           "CVE": [
-            "CVE-2020-17480",
-            "CVE-2020-23066"
+            "CVE-2020-17480"
           ]
         },
         "info": [
@@ -1298,8 +1297,7 @@
           "summary": "The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs",
           "githubID": "GHSA-27gm-ghr9-4v95",
           "CVE": [
-            "CVE-2020-17480",
-            "CVE-2020-23066"
+            "CVE-2020-17480"
           ]
         },
         "info": [
@@ -6447,6 +6445,52 @@
         "info": [
           "https://github.com/advisories/GHSA-c59h-r6p8-q9wc"
         ]
+      },
+      {
+        "atOrAbove": "13.4.0",
+        "below": "13.5.1",
+        "cwe": [
+          "CWE-444"
+        ],
+        "severity": "high",
+        "identifiers": {
+          "summary": "Next.js Vulnerable to HTTP Request Smuggling",
+          "CVE": [
+            "CVE-2024-34350"
+          ],
+          "githubID": "GHSA-77r5-gw3j-2mpf"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-77r5-gw3j-2mpf",
+          "https://github.com/vercel/next.js/security/advisories/GHSA-77r5-gw3j-2mpf",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-34350",
+          "https://github.com/vercel/next.js/commit/44eba020c615f0d9efe431f84ada67b81576f3f5",
+          "https://github.com/vercel/next.js",
+          "https://github.com/vercel/next.js/compare/v13.5.0...v13.5.1"
+        ]
+      },
+      {
+        "atOrAbove": "13.4.0",
+        "below": "14.1.1",
+        "cwe": [
+          "CWE-918"
+        ],
+        "severity": "high",
+        "identifiers": {
+          "summary": "Next.js Server-Side Request Forgery in Server Actions",
+          "CVE": [
+            "CVE-2024-34351"
+          ],
+          "githubID": "GHSA-fr5h-rqp8-mj6g"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-fr5h-rqp8-mj6g",
+          "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-34351",
+          "https://github.com/vercel/next.js/pull/62561",
+          "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085",
+          "https://github.com/vercel/next.js"
+        ]
       }
     ],
     "extractors": {