@zerothreatai/vulnerability-registry 3.0.0 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/categories/authentication.js +17 -0
- package/dist/categories/configuration.js +501 -0
- package/dist/categories/injection.js +34 -0
- package/dist/categories/sensitive-paths.js +84 -0
- package/dist/categories/ssrf.js +11 -0
- package/dist/categories/xss.js +15 -0
- package/dist/category.d.ts +6 -0
- package/dist/category.js +15 -0
- package/dist/error-codes.d.ts +20 -0
- package/dist/error-codes.js +20 -0
- package/dist/index.d.ts +9 -1
- package/dist/index.js +5 -1
- package/dist/scanner.d.ts +6 -0
- package/dist/scanner.js +22 -0
- package/dist/types.d.ts +2 -0
- package/dist-cjs/categories/authentication.js +17 -0
- package/dist-cjs/categories/configuration.js +501 -0
- package/dist-cjs/categories/injection.js +34 -0
- package/dist-cjs/categories/sensitive-paths.js +84 -0
- package/dist-cjs/categories/ssrf.js +11 -0
- package/dist-cjs/categories/xss.js +15 -0
- package/dist-cjs/category.js +18 -0
- package/dist-cjs/error-codes.js +20 -0
- package/dist-cjs/index.js +7 -1
- package/dist-cjs/scanner.js +25 -0
- package/package.json +1 -1
- package/src/categories/authentication.js +54 -40
- package/src/categories/authentication.ts +134 -117
- package/src/categories/configuration.js +990 -114
- package/src/categories/configuration.ts +1625 -1104
- package/src/categories/injection.js +105 -74
- package/src/categories/injection.ts +129 -95
- package/src/categories/sensitive-paths.js +255 -174
- package/src/categories/sensitive-paths.ts +84 -0
- package/src/categories/ssrf.js +36 -28
- package/src/categories/ssrf.ts +11 -0
- package/src/categories/xss.js +47 -35
- package/src/categories/xss.ts +15 -0
- package/src/category.ts +16 -0
- package/src/error-codes.d.ts +38 -0
- package/src/error-codes.js +41 -6
- package/src/error-codes.ts +25 -5
- package/src/index.js +33 -48
- package/src/index.ts +20 -14
- package/src/scanner.ts +23 -0
- package/src/types.d.ts +2 -0
- package/src/types.js +1 -2
- package/src/types.ts +4 -2
- package/zerothreatai-vulnerability-registry-4npm .0.0.tgz +0 -0
|
@@ -14,6 +14,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
14
14
|
title: 'SQL Injection - Error Based',
|
|
15
15
|
description: 'Error-based SQL injection vulnerability detected where database error messages are reflected in the application response, allowing attackers to extract sensitive data from the database by manipulating SQL queries and analyzing error output.',
|
|
16
16
|
severity: 'high',
|
|
17
|
+
levelId: 2,
|
|
17
18
|
category: 'injection',
|
|
18
19
|
scanner: 'sql-injection',
|
|
19
20
|
cvss: {
|
|
@@ -35,6 +36,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
35
36
|
title: 'SQL Injection - Boolean Based Blind',
|
|
36
37
|
description: 'Boolean-based blind SQL injection vulnerability where the application responds differently based on whether injected conditions evaluate to true or false, enabling attackers to infer database contents one bit at a time through systematic query manipulation.',
|
|
37
38
|
severity: 'high',
|
|
39
|
+
levelId: 2,
|
|
38
40
|
category: 'injection',
|
|
39
41
|
scanner: 'sql-injection',
|
|
40
42
|
cvss: {
|
|
@@ -56,6 +58,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
56
58
|
title: 'SQL Injection - Time Based Blind',
|
|
57
59
|
description: 'Time-based blind SQL injection vulnerability where attackers can infer database contents by measuring response time differences caused by injected time delay functions like SLEEP() or WAITFOR, enabling complete database extraction through timing analysis.',
|
|
58
60
|
severity: 'high',
|
|
61
|
+
levelId: 2,
|
|
59
62
|
category: 'injection',
|
|
60
63
|
scanner: 'sql-injection',
|
|
61
64
|
cvss: {
|
|
@@ -77,6 +80,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
77
80
|
title: 'SQL Injection - Stacked Queries',
|
|
78
81
|
description: 'Critical stacked queries SQL injection vulnerability allowing attackers to execute multiple SQL statements in a single query, enabling destructive operations like DROP TABLE, INSERT into admin tables, or creating backdoor accounts with full database control.',
|
|
79
82
|
severity: 'critical',
|
|
83
|
+
levelId: 1,
|
|
80
84
|
category: 'injection',
|
|
81
85
|
scanner: 'sql-injection',
|
|
82
86
|
cvss: {
|
|
@@ -98,6 +102,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
98
102
|
title: 'SQL Injection - UNION Based',
|
|
99
103
|
description: 'UNION-based SQL injection vulnerability allowing attackers to append additional SELECT queries using UNION operator, enabling direct extraction of data from other database tables including user credentials, personal information, and sensitive business data.',
|
|
100
104
|
severity: 'high',
|
|
105
|
+
levelId: 2,
|
|
101
106
|
category: 'injection',
|
|
102
107
|
scanner: 'sql-injection',
|
|
103
108
|
cvss: {
|
|
@@ -122,6 +127,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
122
127
|
title: 'OS Command Injection - OOB Confirmed',
|
|
123
128
|
description: 'Critical OS command injection vulnerability confirmed through out-of-band callback detection, proving that attacker-controlled shell commands are being executed on the server operating system with full access to system resources and potential for complete server compromise.',
|
|
124
129
|
severity: 'critical',
|
|
130
|
+
levelId: 1,
|
|
125
131
|
category: 'injection',
|
|
126
132
|
scanner: 'command-injection',
|
|
127
133
|
cvss: {
|
|
@@ -143,6 +149,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
143
149
|
title: 'OS Command Injection - Reflected Output',
|
|
144
150
|
description: 'OS command injection vulnerability confirmed by command output being reflected in the application response, indicating that shell commands execute on the server and their results are returned to the attacker for data exfiltration and system reconnaissance.',
|
|
145
151
|
severity: 'critical',
|
|
152
|
+
levelId: 1,
|
|
146
153
|
category: 'injection',
|
|
147
154
|
scanner: 'command-injection',
|
|
148
155
|
cvss: {
|
|
@@ -164,6 +171,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
164
171
|
title: 'OS Command Injection - Time Based',
|
|
165
172
|
description: 'Time-based OS command injection vulnerability detected through measurable response time delays caused by injected sleep or ping commands, strongly indicating that shell commands execute on the server even though output is not directly visible in responses.',
|
|
166
173
|
severity: 'high',
|
|
174
|
+
levelId: 2,
|
|
167
175
|
category: 'injection',
|
|
168
176
|
scanner: 'command-injection',
|
|
169
177
|
cvss: {
|
|
@@ -185,6 +193,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
185
193
|
title: 'OS Command Injection - Error Based',
|
|
186
194
|
description: 'Potential OS command injection vulnerability indicated by distinctive error messages or system-level exceptions in the application response when malformed shell payloads are submitted, suggesting command execution attempts reach the operating system interpreter.',
|
|
187
195
|
severity: 'medium',
|
|
196
|
+
levelId: 3,
|
|
188
197
|
category: 'injection',
|
|
189
198
|
scanner: 'command-injection',
|
|
190
199
|
cvss: {
|
|
@@ -209,6 +218,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
209
218
|
title: 'Server-Side Template Injection - Jinja2',
|
|
210
219
|
description: 'Critical server-side template injection vulnerability in Jinja2 (Python/Flask) where user input is processed as template code, enabling attackers to execute arbitrary Python code on the server through template expressions like {{config}} or {{request.application.__globals__}}.',
|
|
211
220
|
severity: 'critical',
|
|
221
|
+
levelId: 1,
|
|
212
222
|
category: 'injection',
|
|
213
223
|
scanner: 'ssti',
|
|
214
224
|
cvss: {
|
|
@@ -230,6 +240,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
230
240
|
title: 'Server-Side Template Injection - Twig',
|
|
231
241
|
description: 'Critical server-side template injection vulnerability in Twig (PHP/Symfony) where user input is evaluated as template expressions, allowing attackers to execute arbitrary PHP code on the server through filter chains and object method invocations within template syntax.',
|
|
232
242
|
severity: 'critical',
|
|
243
|
+
levelId: 1,
|
|
233
244
|
category: 'injection',
|
|
234
245
|
scanner: 'ssti',
|
|
235
246
|
cvss: {
|
|
@@ -251,6 +262,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
251
262
|
title: 'Server-Side Template Injection - FreeMarker',
|
|
252
263
|
description: 'Critical server-side template injection vulnerability in FreeMarker (Java) where user-controlled data is interpreted as template directives, enabling remote code execution through Java class instantiation and method invocation via FreeMarker built-in expressions.',
|
|
253
264
|
severity: 'critical',
|
|
265
|
+
levelId: 1,
|
|
254
266
|
category: 'injection',
|
|
255
267
|
scanner: 'ssti',
|
|
256
268
|
cvss: {
|
|
@@ -272,6 +284,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
272
284
|
title: 'Server-Side Template Injection - Generic',
|
|
273
285
|
description: 'Server-side template injection vulnerability detected where user input is being processed by a template engine, potentially allowing code execution. The specific template engine could not be determined, but mathematical expression evaluation confirms server-side processing of user input.',
|
|
274
286
|
severity: 'high',
|
|
287
|
+
levelId: 2,
|
|
275
288
|
category: 'injection',
|
|
276
289
|
scanner: 'ssti',
|
|
277
290
|
cvss: {
|
|
@@ -293,6 +306,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
293
306
|
title: 'Server-Side Template Injection - Velocity',
|
|
294
307
|
description: 'Critical server-side template injection vulnerability in Apache Velocity (Java) where user-controlled data is processed as template directives, enabling arbitrary Java code execution through Velocity Template Language expressions and class instantiation.',
|
|
295
308
|
severity: 'critical',
|
|
309
|
+
levelId: 1,
|
|
296
310
|
category: 'injection',
|
|
297
311
|
scanner: 'ssti',
|
|
298
312
|
cvss: {
|
|
@@ -314,6 +328,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
314
328
|
title: 'Server-Side Template Injection - Thymeleaf',
|
|
315
329
|
description: 'Critical server-side template injection vulnerability in Thymeleaf (Spring/Java) where user input is processed as template expressions, enabling remote code execution through SpEL (Spring Expression Language) injection in template attributes.',
|
|
316
330
|
severity: 'critical',
|
|
331
|
+
levelId: 1,
|
|
317
332
|
category: 'injection',
|
|
318
333
|
scanner: 'ssti',
|
|
319
334
|
cvss: {
|
|
@@ -335,6 +350,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
335
350
|
title: 'Server-Side Template Injection - ERB',
|
|
336
351
|
description: 'Critical server-side template injection vulnerability in ERB (Ruby on Rails) where user input is embedded in ERB templates and executed as Ruby code, enabling arbitrary system command execution and complete server compromise through Ruby runtime access.',
|
|
337
352
|
severity: 'critical',
|
|
353
|
+
levelId: 1,
|
|
338
354
|
category: 'injection',
|
|
339
355
|
scanner: 'ssti',
|
|
340
356
|
cvss: {
|
|
@@ -356,6 +372,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
356
372
|
title: 'Server-Side Template Injection - EJS',
|
|
357
373
|
description: 'Critical server-side template injection vulnerability in EJS (Node.js) where user-controlled data is processed as template code, allowing arbitrary JavaScript execution on the server through embedded JavaScript expressions and access to Node.js runtime.',
|
|
358
374
|
severity: 'critical',
|
|
375
|
+
levelId: 1,
|
|
359
376
|
category: 'injection',
|
|
360
377
|
scanner: 'ssti',
|
|
361
378
|
cvss: {
|
|
@@ -377,6 +394,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
377
394
|
title: 'Server-Side Template Injection - Pug/Jade',
|
|
378
395
|
description: 'Critical server-side template injection vulnerability in Pug (formerly Jade, Node.js) where user input is interpreted as template syntax, enabling arbitrary JavaScript code execution through Pug embedded code blocks and access to server-side Node.js environment.',
|
|
379
396
|
severity: 'critical',
|
|
397
|
+
levelId: 1,
|
|
380
398
|
category: 'injection',
|
|
381
399
|
scanner: 'ssti',
|
|
382
400
|
cvss: {
|
|
@@ -398,6 +416,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
398
416
|
title: 'Server-Side Template Injection - Smarty',
|
|
399
417
|
description: 'Critical server-side template injection vulnerability in Smarty (PHP) where user input is processed as template code, enabling arbitrary PHP code execution through Smarty tags and function calls that can lead to complete server compromise.',
|
|
400
418
|
severity: 'critical',
|
|
419
|
+
levelId: 1,
|
|
401
420
|
category: 'injection',
|
|
402
421
|
scanner: 'ssti',
|
|
403
422
|
cvss: {
|
|
@@ -419,6 +438,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
419
438
|
title: 'Server-Side Template Injection - Mako',
|
|
420
439
|
description: 'Critical server-side template injection vulnerability in Mako (Python) where user-controlled data is executed as template code, enabling arbitrary Python code execution through Mako expressions and full access to the Python runtime environment.',
|
|
421
440
|
severity: 'critical',
|
|
441
|
+
levelId: 1,
|
|
422
442
|
category: 'injection',
|
|
423
443
|
scanner: 'ssti',
|
|
424
444
|
cvss: {
|
|
@@ -443,6 +463,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
443
463
|
title: 'XML External Entity Injection - Error Based',
|
|
444
464
|
description: 'Error-based XXE vulnerability where file contents can be extracted through parser error messages by crafting malformed external entities that include file data in error output, enabling data exfiltration even when direct output is not reflected.',
|
|
445
465
|
severity: 'high',
|
|
466
|
+
levelId: 2,
|
|
446
467
|
category: 'injection',
|
|
447
468
|
scanner: 'xxe',
|
|
448
469
|
cvss: {
|
|
@@ -464,6 +485,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
464
485
|
title: 'XML External Entity Injection - Parameter Entity',
|
|
465
486
|
description: 'XXE vulnerability exploiting parameter entities in DTD declarations to exfiltrate data or perform SSRF attacks when regular external entities are blocked, by using percent-encoded entity references within the document type definition.',
|
|
466
487
|
severity: 'high',
|
|
488
|
+
levelId: 2,
|
|
467
489
|
category: 'injection',
|
|
468
490
|
scanner: 'xxe',
|
|
469
491
|
cvss: {
|
|
@@ -488,6 +510,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
488
510
|
title: 'Local File Inclusion - Filter Bypass',
|
|
489
511
|
description: 'Local file inclusion vulnerability that bypasses input validation filters through encoding tricks (URL encoding, double encoding, null bytes), alternate path separators, or case manipulation to access files despite security controls.',
|
|
490
512
|
severity: 'high',
|
|
513
|
+
levelId: 2,
|
|
491
514
|
category: 'file_inclusion',
|
|
492
515
|
scanner: 'local-file-inclusion',
|
|
493
516
|
cvss: {
|
|
@@ -509,6 +532,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
509
532
|
title: 'Local File Inclusion - Process Information Disclosure',
|
|
510
533
|
description: 'LFI vulnerability enabling access to /proc filesystem on Linux systems, exposing process memory maps, environment variables with credentials, command line arguments, and other runtime information that can reveal secrets and aid further attacks.',
|
|
511
534
|
severity: 'high',
|
|
535
|
+
levelId: 2,
|
|
512
536
|
category: 'file_inclusion',
|
|
513
537
|
scanner: 'local-file-inclusion',
|
|
514
538
|
cvss: {
|
|
@@ -533,6 +557,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
533
557
|
title: 'XML External Entity Injection - Classic',
|
|
534
558
|
description: 'Classic XXE vulnerability where external XML entities are processed by the parser, allowing attackers to read local files like /etc/passwd or application configuration files by defining external entities that reference file:// protocol URIs in the XML document type definition.',
|
|
535
559
|
severity: 'high',
|
|
560
|
+
levelId: 2,
|
|
536
561
|
category: 'injection',
|
|
537
562
|
scanner: 'xxe',
|
|
538
563
|
cvss: {
|
|
@@ -554,6 +579,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
554
579
|
title: 'XML External Entity Injection - Blind',
|
|
555
580
|
description: 'Blind XXE vulnerability where external entities are processed but file contents are not directly returned in the response. Exploitation requires out-of-band techniques like error-based extraction or HTTP callbacks to exfiltrate data from the target server.',
|
|
556
581
|
severity: 'high',
|
|
582
|
+
levelId: 2,
|
|
557
583
|
category: 'injection',
|
|
558
584
|
scanner: 'xxe',
|
|
559
585
|
cvss: {
|
|
@@ -575,6 +601,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
575
601
|
title: 'XML External Entity Injection - Out-of-Band',
|
|
576
602
|
description: 'Critical out-of-band XXE vulnerability confirmed through external HTTP/DNS callbacks, proving the XML parser fetches external resources. This enables data exfiltration through URL parameters and server-side request forgery attacks against internal network resources.',
|
|
577
603
|
severity: 'critical',
|
|
604
|
+
levelId: 1,
|
|
578
605
|
category: 'injection',
|
|
579
606
|
scanner: 'xxe',
|
|
580
607
|
cvss: {
|
|
@@ -600,6 +627,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
600
627
|
title: 'Local File Inclusion - Path Traversal',
|
|
601
628
|
description: 'Path traversal vulnerability allowing attackers to read arbitrary files on the server by manipulating file path parameters with directory traversal sequences like ../ to escape the intended directory and access sensitive system or application configuration files.',
|
|
602
629
|
severity: 'high',
|
|
630
|
+
levelId: 2,
|
|
603
631
|
category: 'file_inclusion',
|
|
604
632
|
scanner: 'local-file-inclusion',
|
|
605
633
|
cvss: {
|
|
@@ -622,6 +650,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
622
650
|
title: 'Local File Inclusion - Source Code Disclosure',
|
|
623
651
|
description: 'Critical source code disclosure vulnerability where application source files can be read through file inclusion, exposing proprietary code, hardcoded credentials, API keys, database connection strings, and security implementation details that facilitate further attacks.',
|
|
624
652
|
severity: 'high',
|
|
653
|
+
levelId: 2,
|
|
625
654
|
category: 'file_inclusion',
|
|
626
655
|
scanner: 'local-file-inclusion',
|
|
627
656
|
cvss: {
|
|
@@ -644,6 +673,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
644
673
|
title: 'Local File Inclusion - PHP Wrapper Protocol',
|
|
645
674
|
description: 'PHP wrapper protocol exploitation where filter or data wrappers like php://filter or php://input can be used to read source files as base64, write arbitrary files, or achieve remote code execution through deserialization when phar:// wrapper is enabled.',
|
|
646
675
|
severity: 'critical',
|
|
676
|
+
levelId: 1,
|
|
647
677
|
category: 'file_inclusion',
|
|
648
678
|
scanner: 'local-file-inclusion',
|
|
649
679
|
cvss: {
|
|
@@ -665,6 +695,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
665
695
|
title: 'XPath Injection - Authentication Bypass',
|
|
666
696
|
description: 'XPath injection vulnerability where crafted input manipulates XPath queries to bypass authentication or authorization checks, allowing attackers to log in as other users or access protected resources without valid credentials.',
|
|
667
697
|
severity: 'high',
|
|
698
|
+
levelId: 2,
|
|
668
699
|
category: 'injection',
|
|
669
700
|
scanner: 'xpath-injection',
|
|
670
701
|
cvss: {
|
|
@@ -686,6 +717,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
686
717
|
title: 'XPath Injection - Data Extraction',
|
|
687
718
|
description: 'XPath injection vulnerability that allows attackers to read or enumerate sensitive XML data by manipulating query predicates, leading to disclosure of user data, configuration, or credentials stored in XML-backed systems.',
|
|
688
719
|
severity: 'high',
|
|
720
|
+
levelId: 2,
|
|
689
721
|
category: 'injection',
|
|
690
722
|
scanner: 'xpath-injection',
|
|
691
723
|
cvss: {
|
|
@@ -707,6 +739,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
707
739
|
title: 'XPath Injection - Blind',
|
|
708
740
|
description: 'Blind XPath injection vulnerability where attackers infer query results through boolean or timing differences, enabling gradual extraction of sensitive XML data despite no direct response output.',
|
|
709
741
|
severity: 'medium',
|
|
742
|
+
levelId: 3,
|
|
710
743
|
category: 'injection',
|
|
711
744
|
scanner: 'xpath-injection',
|
|
712
745
|
cvss: {
|
|
@@ -728,6 +761,7 @@ export const INJECTION_VULNERABILITIES = {
|
|
|
728
761
|
title: 'XPath Injection - Error Based',
|
|
729
762
|
description: 'XPath injection vulnerability where malformed input triggers verbose error messages that reveal query structure or XML data, enabling attackers to craft precise XPath exploits or extract sensitive information.',
|
|
730
763
|
severity: 'medium',
|
|
764
|
+
levelId: 3,
|
|
731
765
|
category: 'injection',
|
|
732
766
|
scanner: 'xpath-injection',
|
|
733
767
|
cvss: {
|