stryx-cli 0.1.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- stryx/__init__.py +35 -0
- stryx/ai/__init__.py +5 -0
- stryx/ai/attack_planner.py +199 -0
- stryx/ai/payload_generator.py +212 -0
- stryx/ai/prompts.py +85 -0
- stryx/ai/providers.py +249 -0
- stryx/attacks/__init__.py +6 -0
- stryx/attacks/attack_chain.py +111 -0
- stryx/attacks/replay.py +186 -0
- stryx/auth/__init__.py +1 -0
- stryx/auth/session_manager.py +335 -0
- stryx/cli.py +675 -0
- stryx/comparison/__init__.py +1 -0
- stryx/comparison/differ.py +255 -0
- stryx/config/__init__.py +6 -0
- stryx/config/default_config.yaml +12 -0
- stryx/config/loader.py +111 -0
- stryx/config/schema.py +80 -0
- stryx/crawler/__init__.py +5 -0
- stryx/crawler/discovery.py +178 -0
- stryx/crawler/graphql_discovery.py +86 -0
- stryx/crawler/html_crawler.py +294 -0
- stryx/crawler/js_endpoints.py +165 -0
- stryx/crawler/openapi.py +76 -0
- stryx/crawler/sitemap.py +94 -0
- stryx/orchestrator.py +347 -0
- stryx/payloads/cmdi.txt +31 -0
- stryx/payloads/header_injection.txt +15 -0
- stryx/payloads/ldap.txt +19 -0
- stryx/payloads/nosqli.txt +21 -0
- stryx/payloads/open_redirect.txt +23 -0
- stryx/payloads/path_traversal.txt +26 -0
- stryx/payloads/sqli.txt +31 -0
- stryx/payloads/ssrf.txt +30 -0
- stryx/payloads/ssti.txt +21 -0
- stryx/payloads/xss.txt +48 -0
- stryx/payloads/xxe.txt +35 -0
- stryx/plugins/__init__.py +5 -0
- stryx/plugins/base.py +85 -0
- stryx/policy/__init__.py +1 -0
- stryx/policy/engine.py +201 -0
- stryx/py.typed +0 -0
- stryx/reports/__init__.py +5 -0
- stryx/reports/generator.py +122 -0
- stryx/reports/json_report.py +72 -0
- stryx/reports/markdown_report.py +101 -0
- stryx/reports/sarif_report.py +200 -0
- stryx/reports/templates/report.html.j2 +163 -0
- stryx/reports/terminal_report.py +138 -0
- stryx/scanners/__init__.py +17 -0
- stryx/scanners/auth.py +444 -0
- stryx/scanners/authorization.py +220 -0
- stryx/scanners/blind.py +328 -0
- stryx/scanners/cloud_ssrf.py +208 -0
- stryx/scanners/cors.py +158 -0
- stryx/scanners/dependencies.py +296 -0
- stryx/scanners/disclosure.py +339 -0
- stryx/scanners/fuzz.py +391 -0
- stryx/scanners/graphql.py +309 -0
- stryx/scanners/injection.py +511 -0
- stryx/scanners/race.py +257 -0
- stryx/signatures/framework_fingerprints.yaml +122 -0
- stryx/signatures/known_vulns.yaml +210 -0
- stryx/utils/__init__.py +7 -0
- stryx/utils/evidence.py +109 -0
- stryx/utils/http_client.py +159 -0
- stryx/utils/logging.py +51 -0
- stryx/utils/rate_limiter.py +37 -0
- stryx_cli-0.1.0.dist-info/METADATA +236 -0
- stryx_cli-0.1.0.dist-info/RECORD +74 -0
- stryx_cli-0.1.0.dist-info/WHEEL +5 -0
- stryx_cli-0.1.0.dist-info/entry_points.txt +2 -0
- stryx_cli-0.1.0.dist-info/licenses/LICENSE +190 -0
- stryx_cli-0.1.0.dist-info/top_level.txt +1 -0
stryx/scanners/race.py
ADDED
|
@@ -0,0 +1,257 @@
|
|
|
1
|
+
"""Race condition scanner.
|
|
2
|
+
|
|
3
|
+
Tests for TOCTOU (Time-of-Check to Time-of-Use) vulnerabilities
|
|
4
|
+
by sending concurrent requests and detecting inconsistent state changes.
|
|
5
|
+
"""
|
|
6
|
+
|
|
7
|
+
from __future__ import annotations
|
|
8
|
+
|
|
9
|
+
import asyncio
|
|
10
|
+
import json
|
|
11
|
+
from dataclasses import dataclass
|
|
12
|
+
from typing import Any
|
|
13
|
+
|
|
14
|
+
from stryx.utils.evidence import Evidence, Finding, Severity
|
|
15
|
+
from stryx.utils.http_client import HttpClient
|
|
16
|
+
from stryx.utils.logging import get_logger
|
|
17
|
+
|
|
18
|
+
logger = get_logger("scanner.race")
|
|
19
|
+
|
|
20
|
+
# Number of concurrent requests per race test
|
|
21
|
+
RACE_CONCURRENCY = 15
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
@dataclass
|
|
25
|
+
class RaceTestConfig:
|
|
26
|
+
"""Configuration for a race condition test."""
|
|
27
|
+
|
|
28
|
+
name: str
|
|
29
|
+
url: str
|
|
30
|
+
method: str = "POST"
|
|
31
|
+
body: dict[str, Any] | None = None
|
|
32
|
+
headers: dict[str, str] | None = None
|
|
33
|
+
expected_count: int = 1 # Expected number of successful operations
|
|
34
|
+
description: str = ""
|
|
35
|
+
|
|
36
|
+
|
|
37
|
+
class RaceScanner:
|
|
38
|
+
"""Scanner for race condition (TOCTOU) vulnerabilities."""
|
|
39
|
+
|
|
40
|
+
def __init__(self, client: HttpClient):
|
|
41
|
+
self.client = client
|
|
42
|
+
|
|
43
|
+
async def scan(
|
|
44
|
+
self,
|
|
45
|
+
endpoints: list[str],
|
|
46
|
+
base_url: str,
|
|
47
|
+
) -> list[Finding]:
|
|
48
|
+
"""Run race condition tests against endpoints."""
|
|
49
|
+
findings: list[Finding] = []
|
|
50
|
+
logger.info("Running race condition scanner")
|
|
51
|
+
|
|
52
|
+
# Detect potential race condition endpoints
|
|
53
|
+
race_configs = self._build_race_tests(endpoints, base_url)
|
|
54
|
+
|
|
55
|
+
for config in race_configs:
|
|
56
|
+
try:
|
|
57
|
+
finding = await self._test_race_condition(config)
|
|
58
|
+
if finding:
|
|
59
|
+
findings.append(finding)
|
|
60
|
+
except Exception as e:
|
|
61
|
+
logger.debug(f"Race test error ({config.name}): {e}")
|
|
62
|
+
|
|
63
|
+
logger.info(f"Race condition scanner found {len(findings)} findings")
|
|
64
|
+
return findings
|
|
65
|
+
|
|
66
|
+
def _build_race_tests(
|
|
67
|
+
self, endpoints: list[str], base_url: str
|
|
68
|
+
) -> list[RaceTestConfig]:
|
|
69
|
+
"""Build race condition test configurations based on discovered endpoints."""
|
|
70
|
+
configs: list[RaceTestConfig] = []
|
|
71
|
+
|
|
72
|
+
for endpoint in endpoints:
|
|
73
|
+
ep_lower = endpoint.lower()
|
|
74
|
+
|
|
75
|
+
# Balance/transfer endpoints
|
|
76
|
+
if any(kw in ep_lower for kw in ["transfer", "balance", "payment", "checkout", "purchase"]):
|
|
77
|
+
configs.append(RaceTestConfig(
|
|
78
|
+
name="double-spend",
|
|
79
|
+
url=endpoint,
|
|
80
|
+
method="POST",
|
|
81
|
+
body={"amount": 100, "currency": "USD"},
|
|
82
|
+
expected_count=1,
|
|
83
|
+
description="Double-spend via race condition on payment endpoint",
|
|
84
|
+
))
|
|
85
|
+
|
|
86
|
+
# Coupon/discount endpoints
|
|
87
|
+
if any(kw in ep_lower for kw in ["coupon", "discount", "promo", "redeem"]):
|
|
88
|
+
configs.append(RaceTestConfig(
|
|
89
|
+
name="coupon-reuse",
|
|
90
|
+
url=endpoint,
|
|
91
|
+
method="POST",
|
|
92
|
+
body={"code": "TESTCOUPON"},
|
|
93
|
+
expected_count=1,
|
|
94
|
+
description="Coupon reuse via race condition",
|
|
95
|
+
))
|
|
96
|
+
|
|
97
|
+
# Vote/like endpoints
|
|
98
|
+
if any(kw in ep_lower for kw in ["vote", "like", "upvote", "reaction"]):
|
|
99
|
+
configs.append(RaceTestConfig(
|
|
100
|
+
name="vote-manipulation",
|
|
101
|
+
url=endpoint,
|
|
102
|
+
method="POST",
|
|
103
|
+
body={"id": "1"},
|
|
104
|
+
expected_count=1,
|
|
105
|
+
description="Vote manipulation via race condition",
|
|
106
|
+
))
|
|
107
|
+
|
|
108
|
+
# Registration endpoints
|
|
109
|
+
if any(kw in ep_lower for kw in ["register", "signup", "create"]):
|
|
110
|
+
configs.append(RaceTestConfig(
|
|
111
|
+
name="duplicate-registration",
|
|
112
|
+
url=endpoint,
|
|
113
|
+
method="POST",
|
|
114
|
+
body={"email": "race-test@example.com", "username": "race-test-user"},
|
|
115
|
+
expected_count=1,
|
|
116
|
+
description="Duplicate registration via race condition",
|
|
117
|
+
))
|
|
118
|
+
|
|
119
|
+
# Generic POST endpoints (test for idempotency issues)
|
|
120
|
+
if any(kw in ep_lower for kw in ["api", "action", "submit", "process"]):
|
|
121
|
+
configs.append(RaceTestConfig(
|
|
122
|
+
name="generic-race",
|
|
123
|
+
url=endpoint,
|
|
124
|
+
method="POST",
|
|
125
|
+
body={"test": "race-condition"},
|
|
126
|
+
expected_count=1,
|
|
127
|
+
description="Generic race condition test",
|
|
128
|
+
))
|
|
129
|
+
|
|
130
|
+
# Add common race condition paths
|
|
131
|
+
common_paths = [
|
|
132
|
+
"/api/transfer", "/api/payment", "/api/checkout",
|
|
133
|
+
"/api/coupon/redeem", "/api/vote", "/api/like",
|
|
134
|
+
]
|
|
135
|
+
for path in common_paths:
|
|
136
|
+
url = f"{base_url}{path}"
|
|
137
|
+
if not any(c.url == url for c in configs):
|
|
138
|
+
configs.append(RaceTestConfig(
|
|
139
|
+
name=f"common-{path.split('/')[-1]}",
|
|
140
|
+
url=url,
|
|
141
|
+
method="POST",
|
|
142
|
+
body={"test": "race"},
|
|
143
|
+
expected_count=1,
|
|
144
|
+
description=f"Race condition test on {path}",
|
|
145
|
+
))
|
|
146
|
+
|
|
147
|
+
return configs[:10] # Limit total tests
|
|
148
|
+
|
|
149
|
+
async def _test_race_condition(self, config: RaceTestConfig) -> Finding | None:
|
|
150
|
+
"""Test a specific race condition scenario."""
|
|
151
|
+
logger.info(f"Testing race condition: {config.name}")
|
|
152
|
+
|
|
153
|
+
# Send concurrent requests
|
|
154
|
+
tasks = []
|
|
155
|
+
for i in range(RACE_CONCURRENCY):
|
|
156
|
+
tasks.append(self._send_request(config, i))
|
|
157
|
+
|
|
158
|
+
results = await asyncio.gather(*tasks, return_exceptions=True)
|
|
159
|
+
|
|
160
|
+
# Analyze results
|
|
161
|
+
successful = []
|
|
162
|
+
failed = []
|
|
163
|
+
responses: list[str] = []
|
|
164
|
+
|
|
165
|
+
for i, result in enumerate(results):
|
|
166
|
+
if isinstance(result, Exception):
|
|
167
|
+
failed.append(i)
|
|
168
|
+
responses.append(f"Request {i}: ERROR - {result}")
|
|
169
|
+
elif result is not None:
|
|
170
|
+
status, body = result
|
|
171
|
+
responses.append(f"Request {i}: {status}")
|
|
172
|
+
if status in (200, 201, 202):
|
|
173
|
+
successful.append(i)
|
|
174
|
+
else:
|
|
175
|
+
failed.append(i)
|
|
176
|
+
responses.append(f"Request {i}: None")
|
|
177
|
+
|
|
178
|
+
# Check for race condition indicators
|
|
179
|
+
if len(successful) > config.expected_count:
|
|
180
|
+
# More requests succeeded than expected — possible race condition
|
|
181
|
+
confidence = min(0.85, 0.4 + (len(successful) - config.expected_count) * 0.1)
|
|
182
|
+
|
|
183
|
+
return Finding(
|
|
184
|
+
title=f"Race condition: {config.name} ({len(successful)}/{RACE_CONCURRENCY} succeeded)",
|
|
185
|
+
severity=Severity.HIGH,
|
|
186
|
+
evidence=Evidence(
|
|
187
|
+
request_method=config.method,
|
|
188
|
+
request_url=config.url,
|
|
189
|
+
response_status=200,
|
|
190
|
+
response_body=json.dumps(config.body or {}),
|
|
191
|
+
response_snippet="\n".join(responses[:20]),
|
|
192
|
+
payload=json.dumps(config.body or {}),
|
|
193
|
+
confidence=confidence,
|
|
194
|
+
),
|
|
195
|
+
description=(
|
|
196
|
+
f"{config.description}. "
|
|
197
|
+
f"Out of {RACE_CONCURRENCY} concurrent requests, "
|
|
198
|
+
f"{len(successful)} succeeded (expected: {config.expected_count}). "
|
|
199
|
+
f"This indicates a race condition vulnerability."
|
|
200
|
+
),
|
|
201
|
+
remediation=(
|
|
202
|
+
"Implement proper locking mechanisms (database transactions, "
|
|
203
|
+
"distributed locks, idempotency keys) to prevent concurrent "
|
|
204
|
+
"operations from corrupting state."
|
|
205
|
+
),
|
|
206
|
+
cwe="CWE-362",
|
|
207
|
+
owasp="A04:2021 - Insecure Design",
|
|
208
|
+
endpoint=config.url,
|
|
209
|
+
scanner="race",
|
|
210
|
+
tags=["race-condition", "toctou", "concurrency"],
|
|
211
|
+
)
|
|
212
|
+
|
|
213
|
+
# Check for inconsistent responses (some succeed, some fail)
|
|
214
|
+
if successful and failed and len(successful) < RACE_CONCURRENCY:
|
|
215
|
+
# Partial success may indicate timing-dependent behavior
|
|
216
|
+
return Finding(
|
|
217
|
+
title=f"Possible race condition: {config.name}",
|
|
218
|
+
severity=Severity.MEDIUM,
|
|
219
|
+
evidence=Evidence(
|
|
220
|
+
request_method=config.method,
|
|
221
|
+
request_url=config.url,
|
|
222
|
+
response_status=200,
|
|
223
|
+
response_body=json.dumps(config.body or {}),
|
|
224
|
+
response_snippet="\n".join(responses[:20]),
|
|
225
|
+
payload=json.dumps(config.body or {}),
|
|
226
|
+
confidence=0.5,
|
|
227
|
+
),
|
|
228
|
+
description=(
|
|
229
|
+
f"{config.description}. "
|
|
230
|
+
f"{len(successful)}/{RACE_CONCURRENCY} requests succeeded, "
|
|
231
|
+
f"indicating timing-dependent behavior that may be exploitable."
|
|
232
|
+
),
|
|
233
|
+
remediation="Review endpoint for race conditions. Add proper locking.",
|
|
234
|
+
cwe="CWE-362",
|
|
235
|
+
owasp="A04:2021 - Insecure Design",
|
|
236
|
+
endpoint=config.url,
|
|
237
|
+
scanner="race",
|
|
238
|
+
tags=["race-condition", "timing"],
|
|
239
|
+
)
|
|
240
|
+
|
|
241
|
+
return None
|
|
242
|
+
|
|
243
|
+
async def _send_request(
|
|
244
|
+
self, config: RaceTestConfig, index: int
|
|
245
|
+
) -> tuple[int, str] | None:
|
|
246
|
+
"""Send a single request for the race test."""
|
|
247
|
+
try:
|
|
248
|
+
body = json.dumps(config.body) if config.body else None
|
|
249
|
+
response, _ = await self.client.request(
|
|
250
|
+
method=config.method,
|
|
251
|
+
url=config.url,
|
|
252
|
+
headers=config.headers,
|
|
253
|
+
body=body,
|
|
254
|
+
)
|
|
255
|
+
return (response.status_code, response.text[:200])
|
|
256
|
+
except Exception:
|
|
257
|
+
return None
|
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
# Framework and technology fingerprints used by the injection engine
|
|
2
|
+
# to adapt payloads to the target framework.
|
|
3
|
+
|
|
4
|
+
frameworks:
|
|
5
|
+
python_flask:
|
|
6
|
+
name: Flask
|
|
7
|
+
headers:
|
|
8
|
+
- "Server: Werkzeug"
|
|
9
|
+
- "Server: Python"
|
|
10
|
+
cookies:
|
|
11
|
+
- "session=ey"
|
|
12
|
+
- "csrf_token="
|
|
13
|
+
body_patterns:
|
|
14
|
+
- "flask"
|
|
15
|
+
- "werkzeug"
|
|
16
|
+
sql_dialect: "generic"
|
|
17
|
+
injection_modifiers:
|
|
18
|
+
- "sleep"
|
|
19
|
+
- "benchmark"
|
|
20
|
+
|
|
21
|
+
python_django:
|
|
22
|
+
name: Django
|
|
23
|
+
headers:
|
|
24
|
+
- "Server: WSGIServer"
|
|
25
|
+
- "X-Frame-Options: DENY"
|
|
26
|
+
- "X-Content-Type-Options: nosniff"
|
|
27
|
+
cookies:
|
|
28
|
+
- "csrftoken="
|
|
29
|
+
- "sessionid="
|
|
30
|
+
body_patterns:
|
|
31
|
+
- "csrfmiddlewaretoken"
|
|
32
|
+
- "django"
|
|
33
|
+
sql_dialect: "postgres"
|
|
34
|
+
injection_modifiers:
|
|
35
|
+
- "pg_sleep"
|
|
36
|
+
|
|
37
|
+
node_express:
|
|
38
|
+
name: Express
|
|
39
|
+
headers:
|
|
40
|
+
- "X-Powered-By: Express"
|
|
41
|
+
cookies:
|
|
42
|
+
- "connect.sid="
|
|
43
|
+
body_patterns:
|
|
44
|
+
- "express"
|
|
45
|
+
sql_dialect: "generic"
|
|
46
|
+
|
|
47
|
+
php_laravel:
|
|
48
|
+
name: Laravel
|
|
49
|
+
headers:
|
|
50
|
+
- "Server: Apache"
|
|
51
|
+
- "X-Powered-By: PHP"
|
|
52
|
+
cookies:
|
|
53
|
+
- "laravel_session="
|
|
54
|
+
- "XSRF-TOKEN="
|
|
55
|
+
body_patterns:
|
|
56
|
+
- "laravel"
|
|
57
|
+
- "csrf-token"
|
|
58
|
+
sql_dialect: "mysql"
|
|
59
|
+
injection_modifiers:
|
|
60
|
+
- "sleep(5)"
|
|
61
|
+
|
|
62
|
+
ruby_rails:
|
|
63
|
+
name: Ruby on Rails
|
|
64
|
+
headers:
|
|
65
|
+
- "X-Powered-By: Phusion Passenger"
|
|
66
|
+
- "X-Request-Id:"
|
|
67
|
+
cookies:
|
|
68
|
+
- "_session_id="
|
|
69
|
+
- "rack.session="
|
|
70
|
+
body_patterns:
|
|
71
|
+
- "authenticity_token"
|
|
72
|
+
sql_dialect: "postgres"
|
|
73
|
+
|
|
74
|
+
java_spring:
|
|
75
|
+
name: Spring Boot
|
|
76
|
+
headers:
|
|
77
|
+
- "X-Application-Context:"
|
|
78
|
+
- "Set-Cookie: JSESSIONID="
|
|
79
|
+
cookies:
|
|
80
|
+
- "JSESSIONID="
|
|
81
|
+
body_patterns:
|
|
82
|
+
- "spring"
|
|
83
|
+
- "whitelabel error"
|
|
84
|
+
sql_dialect: "generic"
|
|
85
|
+
|
|
86
|
+
dotnet_aspnet:
|
|
87
|
+
name: ASP.NET
|
|
88
|
+
headers:
|
|
89
|
+
- "X-Powered-By: ASP.NET"
|
|
90
|
+
- "X-AspNet-Version:"
|
|
91
|
+
- "X-AspNetMvc-Version:"
|
|
92
|
+
cookies:
|
|
93
|
+
- "ASP.NET_SessionId="
|
|
94
|
+
- "__RequestVerificationToken="
|
|
95
|
+
body_patterns:
|
|
96
|
+
- "__VIEWSTATE"
|
|
97
|
+
- "__EVENTVALIDATION"
|
|
98
|
+
sql_dialect: "mssql"
|
|
99
|
+
|
|
100
|
+
go_gin:
|
|
101
|
+
name: Go (Gin/Echo/Fiber)
|
|
102
|
+
headers:
|
|
103
|
+
- "Server: Go-http-server"
|
|
104
|
+
cookies:
|
|
105
|
+
- "session="
|
|
106
|
+
body_patterns:
|
|
107
|
+
- "go"
|
|
108
|
+
sql_dialect: "generic"
|
|
109
|
+
|
|
110
|
+
graphql:
|
|
111
|
+
name: GraphQL
|
|
112
|
+
headers:
|
|
113
|
+
- "Content-Type: application/json"
|
|
114
|
+
endpoints:
|
|
115
|
+
- "/graphql"
|
|
116
|
+
- "/graphiql"
|
|
117
|
+
- "/api/graphql"
|
|
118
|
+
- "/query"
|
|
119
|
+
body_patterns:
|
|
120
|
+
- "query"
|
|
121
|
+
- "mutation"
|
|
122
|
+
- "subscription"
|
|
@@ -0,0 +1,210 @@
|
|
|
1
|
+
# Known vulnerable JavaScript library versions
|
|
2
|
+
# Format: library_name:
|
|
3
|
+
# CVE-ID:
|
|
4
|
+
# affected: "<version" or ">=version,<version"
|
|
5
|
+
# fixed_version: "version"
|
|
6
|
+
# severity: "critical|high|medium|low"
|
|
7
|
+
# description: "Description of the vulnerability"
|
|
8
|
+
# reference: "URL to advisory"
|
|
9
|
+
# cwe: "CWE-XXX"
|
|
10
|
+
|
|
11
|
+
jquery:
|
|
12
|
+
CVE-2020-11022:
|
|
13
|
+
affected: "<3.5.0"
|
|
14
|
+
fixed_version: "3.5.0"
|
|
15
|
+
severity: "medium"
|
|
16
|
+
description: "XSS vulnerability in jQuery's html() method when passing untrusted HTML"
|
|
17
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
|
|
18
|
+
cwe: "CWE-79"
|
|
19
|
+
CVE-2020-11023:
|
|
20
|
+
affected: "<3.5.0"
|
|
21
|
+
fixed_version: "3.5.0"
|
|
22
|
+
severity: "medium"
|
|
23
|
+
description: "XSS vulnerability in jQuery's DOM manipulation methods"
|
|
24
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
|
|
25
|
+
cwe: "CWE-79"
|
|
26
|
+
CVE-2019-11358:
|
|
27
|
+
affected: "<3.4.0"
|
|
28
|
+
fixed_version: "3.4.0"
|
|
29
|
+
severity: "medium"
|
|
30
|
+
description: "Prototype pollution vulnerability in jQuery.extend()"
|
|
31
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
|
|
32
|
+
cwe: "CWE-1321"
|
|
33
|
+
CVE-2015-9251:
|
|
34
|
+
affected: "<3.0.0"
|
|
35
|
+
fixed_version: "3.0.0"
|
|
36
|
+
severity: "medium"
|
|
37
|
+
description: "XSS via cross-domain AJAX requests when text/javascript responses are received"
|
|
38
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2015-9251"
|
|
39
|
+
cwe: "CWE-79"
|
|
40
|
+
|
|
41
|
+
lodash:
|
|
42
|
+
CVE-2021-23337:
|
|
43
|
+
affected: "<4.17.21"
|
|
44
|
+
fixed_version: "4.17.21"
|
|
45
|
+
severity: "high"
|
|
46
|
+
description: "Command injection via template function"
|
|
47
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2021-23337"
|
|
48
|
+
cwe: "CWE-78"
|
|
49
|
+
CVE-2020-28500:
|
|
50
|
+
affected: "<4.17.21"
|
|
51
|
+
fixed_version: "4.17.21"
|
|
52
|
+
severity: "medium"
|
|
53
|
+
description: "ReDoS (Regular Expression Denial of Service) in trim functions"
|
|
54
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2020-28500"
|
|
55
|
+
cwe: "CWE-400"
|
|
56
|
+
CVE-2020-8203:
|
|
57
|
+
affected: "<4.17.19"
|
|
58
|
+
fixed_version: "4.17.19"
|
|
59
|
+
severity: "high"
|
|
60
|
+
description: "Prototype pollution vulnerability"
|
|
61
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2020-8203"
|
|
62
|
+
cwe: "CWE-1321"
|
|
63
|
+
|
|
64
|
+
angular:
|
|
65
|
+
CVE-2022-25869:
|
|
66
|
+
affected: "<1.8.0"
|
|
67
|
+
fixed_version: "1.8.0"
|
|
68
|
+
severity: "high"
|
|
69
|
+
description: "XSS vulnerability in $sanitize service"
|
|
70
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2022-25869"
|
|
71
|
+
cwe: "CWE-79"
|
|
72
|
+
CVE-2022-25868:
|
|
73
|
+
affected: "<1.8.0"
|
|
74
|
+
fixed_version: "1.8.0"
|
|
75
|
+
severity: "medium"
|
|
76
|
+
description: "XSS via template injection in jqLite"
|
|
77
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2022-25868"
|
|
78
|
+
cwe: "CWE-79"
|
|
79
|
+
CVE-2021-41056:
|
|
80
|
+
affected: "<1.7.5"
|
|
81
|
+
fixed_version: "1.7.5"
|
|
82
|
+
severity: "high"
|
|
83
|
+
description: "XSS vulnerability in $sanitize"
|
|
84
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2021-41056"
|
|
85
|
+
cwe: "CWE-79"
|
|
86
|
+
|
|
87
|
+
bootstrap:
|
|
88
|
+
CVE-2024-6531:
|
|
89
|
+
affected: "<4.3.1"
|
|
90
|
+
fixed_version: "4.3.1"
|
|
91
|
+
severity: "medium"
|
|
92
|
+
description: "XSS vulnerability in tooltip and popover data attributes"
|
|
93
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2024-6531"
|
|
94
|
+
cwe: "CWE-79"
|
|
95
|
+
CVE-2019-8331:
|
|
96
|
+
affected: "<4.3.1"
|
|
97
|
+
fixed_version: "4.3.1"
|
|
98
|
+
severity: "medium"
|
|
99
|
+
description: "XSS in tooltip, popover, and collapse data-template"
|
|
100
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
|
|
101
|
+
cwe: "CWE-79"
|
|
102
|
+
|
|
103
|
+
moment:
|
|
104
|
+
CVE-2022-31129:
|
|
105
|
+
affected: "<2.29.4"
|
|
106
|
+
fixed_version: "2.29.4"
|
|
107
|
+
severity: "high"
|
|
108
|
+
description: "ReDoS (Regular Expression Denial of Service) in ISO date parsing"
|
|
109
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
|
|
110
|
+
cwe: "CWE-400"
|
|
111
|
+
|
|
112
|
+
underscore:
|
|
113
|
+
CVE-2021-23358:
|
|
114
|
+
affected: "<1.13.3"
|
|
115
|
+
fixed_version: "1.13.3"
|
|
116
|
+
severity: "high"
|
|
117
|
+
description: "Arbitrary code execution via template settings"
|
|
118
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2021-23358"
|
|
119
|
+
cwe: "CWE-94"
|
|
120
|
+
|
|
121
|
+
three:
|
|
122
|
+
CVE-2023-36479:
|
|
123
|
+
affected: "<0.160.0"
|
|
124
|
+
fixed_version: "0.160.0"
|
|
125
|
+
severity: "medium"
|
|
126
|
+
description: "Prototype pollution in GLTFLoader"
|
|
127
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2023-36479"
|
|
128
|
+
cwe: "CWE-1321"
|
|
129
|
+
|
|
130
|
+
d3:
|
|
131
|
+
CVE-2023-45133:
|
|
132
|
+
affected: "<7.0.0"
|
|
133
|
+
fixed_version: "7.0.0"
|
|
134
|
+
severity: "critical"
|
|
135
|
+
description: "Prototype pollution in d3.merge() and d3.concat()"
|
|
136
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2023-45133"
|
|
137
|
+
cwe: "CWE-1321"
|
|
138
|
+
|
|
139
|
+
backbone:
|
|
140
|
+
CVE-2020-21716:
|
|
141
|
+
affected: "<1.4.0"
|
|
142
|
+
fixed_version: "1.4.0"
|
|
143
|
+
severity: "medium"
|
|
144
|
+
description: "XSS vulnerability in template rendering"
|
|
145
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2020-21716"
|
|
146
|
+
cwe: "CWE-79"
|
|
147
|
+
|
|
148
|
+
ember:
|
|
149
|
+
CVE-2023-26920:
|
|
150
|
+
affected: "<4.12.0"
|
|
151
|
+
fixed_version: "4.12.0"
|
|
152
|
+
severity: "high"
|
|
153
|
+
description: "Prototype pollution in handlebars templates"
|
|
154
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2023-26920"
|
|
155
|
+
cwe: "CWE-1321"
|
|
156
|
+
|
|
157
|
+
mootools:
|
|
158
|
+
CVE-2022-23536:
|
|
159
|
+
affected: "<1.6.0"
|
|
160
|
+
fixed_version: "1.6.0"
|
|
161
|
+
severity: "medium"
|
|
162
|
+
description: "XSS in Element.inject methods"
|
|
163
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2022-23536"
|
|
164
|
+
cwe: "CWE-79"
|
|
165
|
+
|
|
166
|
+
prototype:
|
|
167
|
+
CVE-2018-16487:
|
|
168
|
+
affected: "<1.7.3"
|
|
169
|
+
fixed_version: "1.7.3"
|
|
170
|
+
severity: "high"
|
|
171
|
+
description: "Prototype pollution via Object.toQueryParameter"
|
|
172
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2018-16487"
|
|
173
|
+
cwe: "CWE-1321"
|
|
174
|
+
|
|
175
|
+
chart:
|
|
176
|
+
CVE-2023-2828:
|
|
177
|
+
affected: "<4.0.0"
|
|
178
|
+
fixed_version: "4.0.0"
|
|
179
|
+
severity: "medium"
|
|
180
|
+
description: "XSS via tooltip callback and external script loading"
|
|
181
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2023-2828"
|
|
182
|
+
cwe: "CWE-79"
|
|
183
|
+
|
|
184
|
+
# Node.js / npm packages
|
|
185
|
+
express:
|
|
186
|
+
CVE-2024-29041:
|
|
187
|
+
affected: "<4.19.2"
|
|
188
|
+
fixed_version: "4.19.2"
|
|
189
|
+
severity: "high"
|
|
190
|
+
description: "Open redirect vulnerability in res.location()"
|
|
191
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041"
|
|
192
|
+
cwe: "CWE-601"
|
|
193
|
+
|
|
194
|
+
axios:
|
|
195
|
+
CVE-2023-45857:
|
|
196
|
+
affected: "<1.6.0"
|
|
197
|
+
fixed_version: "1.6.0"
|
|
198
|
+
severity: "medium"
|
|
199
|
+
description: "CSRF token exposure in cross-site requests"
|
|
200
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2023-45857"
|
|
201
|
+
cwe: "CWE-352"
|
|
202
|
+
|
|
203
|
+
webpack:
|
|
204
|
+
CVE-2023-28154:
|
|
205
|
+
affected: "<5.76.0"
|
|
206
|
+
fixed_version: "5.76.0"
|
|
207
|
+
severity: "medium"
|
|
208
|
+
description: "Cross-realm object access in webpack-dev-middleware"
|
|
209
|
+
reference: "https://nvd.nist.gov/vuln/detail/CVE-2023-28154"
|
|
210
|
+
cwe: "CWE-502"
|
stryx/utils/__init__.py
ADDED