@zerothreatai/vulnerability-registry 3.0.0 → 4.0.0
- package/dist/categories/authentication.js +17 -0
- package/dist/categories/configuration.js +501 -0
- package/dist/categories/injection.js +34 -0
- package/dist/categories/sensitive-paths.js +84 -0
- package/dist/categories/ssrf.js +11 -0
- package/dist/categories/xss.js +15 -0
- package/dist/category.d.ts +6 -0
- package/dist/category.js +15 -0
- package/dist/error-codes.d.ts +20 -0
- package/dist/error-codes.js +20 -0
- package/dist/index.d.ts +9 -1
- package/dist/index.js +5 -1
- package/dist/scanner.d.ts +6 -0
- package/dist/scanner.js +22 -0
- package/dist/types.d.ts +2 -0
- package/dist-cjs/categories/authentication.js +17 -0
- package/dist-cjs/categories/configuration.js +501 -0
- package/dist-cjs/categories/injection.js +34 -0
- package/dist-cjs/categories/sensitive-paths.js +84 -0
- package/dist-cjs/categories/ssrf.js +11 -0
- package/dist-cjs/categories/xss.js +15 -0
- package/dist-cjs/category.js +18 -0
- package/dist-cjs/error-codes.js +20 -0
- package/dist-cjs/index.js +7 -1
- package/dist-cjs/scanner.js +25 -0
- package/package.json +1 -1
- package/src/categories/authentication.js +54 -40
- package/src/categories/authentication.ts +134 -117
- package/src/categories/configuration.js +990 -114
- package/src/categories/configuration.ts +1625 -1104
- package/src/categories/injection.js +105 -74
- package/src/categories/injection.ts +129 -95
- package/src/categories/sensitive-paths.js +255 -174
- package/src/categories/sensitive-paths.ts +84 -0
- package/src/categories/ssrf.js +36 -28
- package/src/categories/ssrf.ts +11 -0
- package/src/categories/xss.js +47 -35
- package/src/categories/xss.ts +15 -0
- package/src/category.ts +16 -0
- package/src/error-codes.d.ts +38 -0
- package/src/error-codes.js +41 -6
- package/src/error-codes.ts +25 -5
- package/src/index.js +33 -48
- package/src/index.ts +20 -14
- package/src/scanner.ts +23 -0
- package/src/types.d.ts +2 -0
- package/src/types.js +1 -2
- package/src/types.ts +4 -2
- package/zerothreatai-vulnerability-registry-4npm .0.0.tgz +0 -0
|
@@ -17,6 +17,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
17
17
|
title: 'SQL Injection - Error Based',
|
|
18
18
|
description: 'Error-based SQL injection vulnerability detected where database error messages are reflected in the application response, allowing attackers to extract sensitive data from the database by manipulating SQL queries and analyzing error output.',
|
|
19
19
|
severity: 'high',
|
|
20
|
+
levelId: 2,
|
|
20
21
|
category: 'injection',
|
|
21
22
|
scanner: 'sql-injection',
|
|
22
23
|
cvss: {
|
|
@@ -38,6 +39,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
38
39
|
title: 'SQL Injection - Boolean Based Blind',
|
|
39
40
|
description: 'Boolean-based blind SQL injection vulnerability where the application responds differently based on whether injected conditions evaluate to true or false, enabling attackers to infer database contents one bit at a time through systematic query manipulation.',
|
|
40
41
|
severity: 'high',
|
|
42
|
+
levelId: 2,
|
|
41
43
|
category: 'injection',
|
|
42
44
|
scanner: 'sql-injection',
|
|
43
45
|
cvss: {
|
|
@@ -59,6 +61,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
59
61
|
title: 'SQL Injection - Time Based Blind',
|
|
60
62
|
description: 'Time-based blind SQL injection vulnerability where attackers can infer database contents by measuring response time differences caused by injected time delay functions like SLEEP() or WAITFOR, enabling complete database extraction through timing analysis.',
|
|
61
63
|
severity: 'high',
|
|
64
|
+
levelId: 2,
|
|
62
65
|
category: 'injection',
|
|
63
66
|
scanner: 'sql-injection',
|
|
64
67
|
cvss: {
|
|
@@ -80,6 +83,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
80
83
|
title: 'SQL Injection - Stacked Queries',
|
|
81
84
|
description: 'Critical stacked queries SQL injection vulnerability allowing attackers to execute multiple SQL statements in a single query, enabling destructive operations like DROP TABLE, INSERT into admin tables, or creating backdoor accounts with full database control.',
|
|
82
85
|
severity: 'critical',
|
|
86
|
+
levelId: 1,
|
|
83
87
|
category: 'injection',
|
|
84
88
|
scanner: 'sql-injection',
|
|
85
89
|
cvss: {
|
|
@@ -101,6 +105,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
101
105
|
title: 'SQL Injection - UNION Based',
|
|
102
106
|
description: 'UNION-based SQL injection vulnerability allowing attackers to append additional SELECT queries using UNION operator, enabling direct extraction of data from other database tables including user credentials, personal information, and sensitive business data.',
|
|
103
107
|
severity: 'high',
|
|
108
|
+
levelId: 2,
|
|
104
109
|
category: 'injection',
|
|
105
110
|
scanner: 'sql-injection',
|
|
106
111
|
cvss: {
|
|
@@ -125,6 +130,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
125
130
|
title: 'OS Command Injection - OOB Confirmed',
|
|
126
131
|
description: 'Critical OS command injection vulnerability confirmed through out-of-band callback detection, proving that attacker-controlled shell commands are being executed on the server operating system with full access to system resources and potential for complete server compromise.',
|
|
127
132
|
severity: 'critical',
|
|
133
|
+
levelId: 1,
|
|
128
134
|
category: 'injection',
|
|
129
135
|
scanner: 'command-injection',
|
|
130
136
|
cvss: {
|
|
@@ -146,6 +152,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
146
152
|
title: 'OS Command Injection - Reflected Output',
|
|
147
153
|
description: 'OS command injection vulnerability confirmed by command output being reflected in the application response, indicating that shell commands execute on the server and their results are returned to the attacker for data exfiltration and system reconnaissance.',
|
|
148
154
|
severity: 'critical',
|
|
155
|
+
levelId: 1,
|
|
149
156
|
category: 'injection',
|
|
150
157
|
scanner: 'command-injection',
|
|
151
158
|
cvss: {
|
|
@@ -167,6 +174,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
167
174
|
title: 'OS Command Injection - Time Based',
|
|
168
175
|
description: 'Time-based OS command injection vulnerability detected through measurable response time delays caused by injected sleep or ping commands, strongly indicating that shell commands execute on the server even though output is not directly visible in responses.',
|
|
169
176
|
severity: 'high',
|
|
177
|
+
levelId: 2,
|
|
170
178
|
category: 'injection',
|
|
171
179
|
scanner: 'command-injection',
|
|
172
180
|
cvss: {
|
|
@@ -188,6 +196,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
188
196
|
title: 'OS Command Injection - Error Based',
|
|
189
197
|
description: 'Potential OS command injection vulnerability indicated by distinctive error messages or system-level exceptions in the application response when malformed shell payloads are submitted, suggesting command execution attempts reach the operating system interpreter.',
|
|
190
198
|
severity: 'medium',
|
|
199
|
+
levelId: 3,
|
|
191
200
|
category: 'injection',
|
|
192
201
|
scanner: 'command-injection',
|
|
193
202
|
cvss: {
|
|
@@ -212,6 +221,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
212
221
|
title: 'Server-Side Template Injection - Jinja2',
|
|
213
222
|
description: 'Critical server-side template injection vulnerability in Jinja2 (Python/Flask) where user input is processed as template code, enabling attackers to execute arbitrary Python code on the server through template expressions like {{config}} or {{request.application.__globals__}}.',
|
|
214
223
|
severity: 'critical',
|
|
224
|
+
levelId: 1,
|
|
215
225
|
category: 'injection',
|
|
216
226
|
scanner: 'ssti',
|
|
217
227
|
cvss: {
|
|
@@ -233,6 +243,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
233
243
|
title: 'Server-Side Template Injection - Twig',
|
|
234
244
|
description: 'Critical server-side template injection vulnerability in Twig (PHP/Symfony) where user input is evaluated as template expressions, allowing attackers to execute arbitrary PHP code on the server through filter chains and object method invocations within template syntax.',
|
|
235
245
|
severity: 'critical',
|
|
246
|
+
levelId: 1,
|
|
236
247
|
category: 'injection',
|
|
237
248
|
scanner: 'ssti',
|
|
238
249
|
cvss: {
|
|
@@ -254,6 +265,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
254
265
|
title: 'Server-Side Template Injection - FreeMarker',
|
|
255
266
|
description: 'Critical server-side template injection vulnerability in FreeMarker (Java) where user-controlled data is interpreted as template directives, enabling remote code execution through Java class instantiation and method invocation via FreeMarker built-in expressions.',
|
|
256
267
|
severity: 'critical',
|
|
268
|
+
levelId: 1,
|
|
257
269
|
category: 'injection',
|
|
258
270
|
scanner: 'ssti',
|
|
259
271
|
cvss: {
|
|
@@ -275,6 +287,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
275
287
|
title: 'Server-Side Template Injection - Generic',
|
|
276
288
|
description: 'Server-side template injection vulnerability detected where user input is being processed by a template engine, potentially allowing code execution. The specific template engine could not be determined, but mathematical expression evaluation confirms server-side processing of user input.',
|
|
277
289
|
severity: 'high',
|
|
290
|
+
levelId: 2,
|
|
278
291
|
category: 'injection',
|
|
279
292
|
scanner: 'ssti',
|
|
280
293
|
cvss: {
|
|
@@ -296,6 +309,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
296
309
|
title: 'Server-Side Template Injection - Velocity',
|
|
297
310
|
description: 'Critical server-side template injection vulnerability in Apache Velocity (Java) where user-controlled data is processed as template directives, enabling arbitrary Java code execution through Velocity Template Language expressions and class instantiation.',
|
|
298
311
|
severity: 'critical',
|
|
312
|
+
levelId: 1,
|
|
299
313
|
category: 'injection',
|
|
300
314
|
scanner: 'ssti',
|
|
301
315
|
cvss: {
|
|
@@ -317,6 +331,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
317
331
|
title: 'Server-Side Template Injection - Thymeleaf',
|
|
318
332
|
description: 'Critical server-side template injection vulnerability in Thymeleaf (Spring/Java) where user input is processed as template expressions, enabling remote code execution through SpEL (Spring Expression Language) injection in template attributes.',
|
|
319
333
|
severity: 'critical',
|
|
334
|
+
levelId: 1,
|
|
320
335
|
category: 'injection',
|
|
321
336
|
scanner: 'ssti',
|
|
322
337
|
cvss: {
|
|
@@ -338,6 +353,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
338
353
|
title: 'Server-Side Template Injection - ERB',
|
|
339
354
|
description: 'Critical server-side template injection vulnerability in ERB (Ruby on Rails) where user input is embedded in ERB templates and executed as Ruby code, enabling arbitrary system command execution and complete server compromise through Ruby runtime access.',
|
|
340
355
|
severity: 'critical',
|
|
356
|
+
levelId: 1,
|
|
341
357
|
category: 'injection',
|
|
342
358
|
scanner: 'ssti',
|
|
343
359
|
cvss: {
|
|
@@ -359,6 +375,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
359
375
|
title: 'Server-Side Template Injection - EJS',
|
|
360
376
|
description: 'Critical server-side template injection vulnerability in EJS (Node.js) where user-controlled data is processed as template code, allowing arbitrary JavaScript execution on the server through embedded JavaScript expressions and access to Node.js runtime.',
|
|
361
377
|
severity: 'critical',
|
|
378
|
+
levelId: 1,
|
|
362
379
|
category: 'injection',
|
|
363
380
|
scanner: 'ssti',
|
|
364
381
|
cvss: {
|
|
@@ -380,6 +397,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
380
397
|
title: 'Server-Side Template Injection - Pug/Jade',
|
|
381
398
|
description: 'Critical server-side template injection vulnerability in Pug (formerly Jade, Node.js) where user input is interpreted as template syntax, enabling arbitrary JavaScript code execution through Pug embedded code blocks and access to server-side Node.js environment.',
|
|
382
399
|
severity: 'critical',
|
|
400
|
+
levelId: 1,
|
|
383
401
|
category: 'injection',
|
|
384
402
|
scanner: 'ssti',
|
|
385
403
|
cvss: {
|
|
@@ -401,6 +419,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
401
419
|
title: 'Server-Side Template Injection - Smarty',
|
|
402
420
|
description: 'Critical server-side template injection vulnerability in Smarty (PHP) where user input is processed as template code, enabling arbitrary PHP code execution through Smarty tags and function calls that can lead to complete server compromise.',
|
|
403
421
|
severity: 'critical',
|
|
422
|
+
levelId: 1,
|
|
404
423
|
category: 'injection',
|
|
405
424
|
scanner: 'ssti',
|
|
406
425
|
cvss: {
|
|
@@ -422,6 +441,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
422
441
|
title: 'Server-Side Template Injection - Mako',
|
|
423
442
|
description: 'Critical server-side template injection vulnerability in Mako (Python) where user-controlled data is executed as template code, enabling arbitrary Python code execution through Mako expressions and full access to the Python runtime environment.',
|
|
424
443
|
severity: 'critical',
|
|
444
|
+
levelId: 1,
|
|
425
445
|
category: 'injection',
|
|
426
446
|
scanner: 'ssti',
|
|
427
447
|
cvss: {
|
|
@@ -446,6 +466,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
446
466
|
title: 'XML External Entity Injection - Error Based',
|
|
447
467
|
description: 'Error-based XXE vulnerability where file contents can be extracted through parser error messages by crafting malformed external entities that include file data in error output, enabling data exfiltration even when direct output is not reflected.',
|
|
448
468
|
severity: 'high',
|
|
469
|
+
levelId: 2,
|
|
449
470
|
category: 'injection',
|
|
450
471
|
scanner: 'xxe',
|
|
451
472
|
cvss: {
|
|
@@ -467,6 +488,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
467
488
|
title: 'XML External Entity Injection - Parameter Entity',
|
|
468
489
|
description: 'XXE vulnerability exploiting parameter entities in DTD declarations to exfiltrate data or perform SSRF attacks when regular external entities are blocked, by using percent-encoded entity references within the document type definition.',
|
|
469
490
|
severity: 'high',
|
|
491
|
+
levelId: 2,
|
|
470
492
|
category: 'injection',
|
|
471
493
|
scanner: 'xxe',
|
|
472
494
|
cvss: {
|
|
@@ -491,6 +513,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
491
513
|
title: 'Local File Inclusion - Filter Bypass',
|
|
492
514
|
description: 'Local file inclusion vulnerability that bypasses input validation filters through encoding tricks (URL encoding, double encoding, null bytes), alternate path separators, or case manipulation to access files despite security controls.',
|
|
493
515
|
severity: 'high',
|
|
516
|
+
levelId: 2,
|
|
494
517
|
category: 'file_inclusion',
|
|
495
518
|
scanner: 'local-file-inclusion',
|
|
496
519
|
cvss: {
|
|
@@ -512,6 +535,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
512
535
|
title: 'Local File Inclusion - Process Information Disclosure',
|
|
513
536
|
description: 'LFI vulnerability enabling access to /proc filesystem on Linux systems, exposing process memory maps, environment variables with credentials, command line arguments, and other runtime information that can reveal secrets and aid further attacks.',
|
|
514
537
|
severity: 'high',
|
|
538
|
+
levelId: 2,
|
|
515
539
|
category: 'file_inclusion',
|
|
516
540
|
scanner: 'local-file-inclusion',
|
|
517
541
|
cvss: {
|
|
@@ -536,6 +560,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
536
560
|
title: 'XML External Entity Injection - Classic',
|
|
537
561
|
description: 'Classic XXE vulnerability where external XML entities are processed by the parser, allowing attackers to read local files like /etc/passwd or application configuration files by defining external entities that reference file:// protocol URIs in the XML document type definition.',
|
|
538
562
|
severity: 'high',
|
|
563
|
+
levelId: 2,
|
|
539
564
|
category: 'injection',
|
|
540
565
|
scanner: 'xxe',
|
|
541
566
|
cvss: {
|
|
@@ -557,6 +582,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
557
582
|
title: 'XML External Entity Injection - Blind',
|
|
558
583
|
description: 'Blind XXE vulnerability where external entities are processed but file contents are not directly returned in the response. Exploitation requires out-of-band techniques like error-based extraction or HTTP callbacks to exfiltrate data from the target server.',
|
|
559
584
|
severity: 'high',
|
|
585
|
+
levelId: 2,
|
|
560
586
|
category: 'injection',
|
|
561
587
|
scanner: 'xxe',
|
|
562
588
|
cvss: {
|
|
@@ -578,6 +604,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
578
604
|
title: 'XML External Entity Injection - Out-of-Band',
|
|
579
605
|
description: 'Critical out-of-band XXE vulnerability confirmed through external HTTP/DNS callbacks, proving the XML parser fetches external resources. This enables data exfiltration through URL parameters and server-side request forgery attacks against internal network resources.',
|
|
580
606
|
severity: 'critical',
|
|
607
|
+
levelId: 1,
|
|
581
608
|
category: 'injection',
|
|
582
609
|
scanner: 'xxe',
|
|
583
610
|
cvss: {
|
|
@@ -603,6 +630,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
603
630
|
title: 'Local File Inclusion - Path Traversal',
|
|
604
631
|
description: 'Path traversal vulnerability allowing attackers to read arbitrary files on the server by manipulating file path parameters with directory traversal sequences like ../ to escape the intended directory and access sensitive system or application configuration files.',
|
|
605
632
|
severity: 'high',
|
|
633
|
+
levelId: 2,
|
|
606
634
|
category: 'file_inclusion',
|
|
607
635
|
scanner: 'local-file-inclusion',
|
|
608
636
|
cvss: {
|
|
@@ -625,6 +653,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
625
653
|
title: 'Local File Inclusion - Source Code Disclosure',
|
|
626
654
|
description: 'Critical source code disclosure vulnerability where application source files can be read through file inclusion, exposing proprietary code, hardcoded credentials, API keys, database connection strings, and security implementation details that facilitate further attacks.',
|
|
627
655
|
severity: 'high',
|
|
656
|
+
levelId: 2,
|
|
628
657
|
category: 'file_inclusion',
|
|
629
658
|
scanner: 'local-file-inclusion',
|
|
630
659
|
cvss: {
|
|
@@ -647,6 +676,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
647
676
|
title: 'Local File Inclusion - PHP Wrapper Protocol',
|
|
648
677
|
description: 'PHP wrapper protocol exploitation where filter or data wrappers like php://filter or php://input can be used to read source files as base64, write arbitrary files, or achieve remote code execution through deserialization when phar:// wrapper is enabled.',
|
|
649
678
|
severity: 'critical',
|
|
679
|
+
levelId: 1,
|
|
650
680
|
category: 'file_inclusion',
|
|
651
681
|
scanner: 'local-file-inclusion',
|
|
652
682
|
cvss: {
|
|
@@ -668,6 +698,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
668
698
|
title: 'XPath Injection - Authentication Bypass',
|
|
669
699
|
description: 'XPath injection vulnerability where crafted input manipulates XPath queries to bypass authentication or authorization checks, allowing attackers to log in as other users or access protected resources without valid credentials.',
|
|
670
700
|
severity: 'high',
|
|
701
|
+
levelId: 2,
|
|
671
702
|
category: 'injection',
|
|
672
703
|
scanner: 'xpath-injection',
|
|
673
704
|
cvss: {
|
|
@@ -689,6 +720,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
689
720
|
title: 'XPath Injection - Data Extraction',
|
|
690
721
|
description: 'XPath injection vulnerability that allows attackers to read or enumerate sensitive XML data by manipulating query predicates, leading to disclosure of user data, configuration, or credentials stored in XML-backed systems.',
|
|
691
722
|
severity: 'high',
|
|
723
|
+
levelId: 2,
|
|
692
724
|
category: 'injection',
|
|
693
725
|
scanner: 'xpath-injection',
|
|
694
726
|
cvss: {
|
|
@@ -710,6 +742,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
710
742
|
title: 'XPath Injection - Blind',
|
|
711
743
|
description: 'Blind XPath injection vulnerability where attackers infer query results through boolean or timing differences, enabling gradual extraction of sensitive XML data despite no direct response output.',
|
|
712
744
|
severity: 'medium',
|
|
745
|
+
levelId: 3,
|
|
713
746
|
category: 'injection',
|
|
714
747
|
scanner: 'xpath-injection',
|
|
715
748
|
cvss: {
|
|
@@ -731,6 +764,7 @@ exports.INJECTION_VULNERABILITIES = {
|
|
|
731
764
|
title: 'XPath Injection - Error Based',
|
|
732
765
|
description: 'XPath injection vulnerability where malformed input triggers verbose error messages that reveal query structure or XML data, enabling attackers to craft precise XPath exploits or extract sensitive information.',
|
|
733
766
|
severity: 'medium',
|
|
767
|
+
levelId: 3,
|
|
734
768
|
category: 'injection',
|
|
735
769
|
scanner: 'xpath-injection',
|
|
736
770
|
cvss: {
|
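Review bot: In the hunk at `@@ -625,6 +653,7` ('Local File Inclusion - Source Code Disclosure') the added `levelId: 2` mirrors `severity: 'high'`, while the description on the line before `severity` still opens with "Critical source code disclosure vulnerability". A consumer that gates or sorts findings on `levelId` will rank this entry below what its own text claims, so either the rating or the wording should be corrected until they agree. Across every visible hunk `levelId` tracks `severity` one-to-one (critical → 1, high → 2, medium → 3), which makes it a second hand-maintained copy of the same fact in each entry, and it can drift on the next edit. If that mapping is the intent (it is inferred from these hunks, not stated in them), derive the number from `severity` in one place, or at least document it where the table is declared, e.g. `// levelId mirrors severity: 1 = critical, 2 = high, 3 = medium`. The `INJECTION_VULNERABILITIES` object opens and closes outside the hunks shown, so only the entries touched here could be checked.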