apk package
chainguard/opensearch-dashboards-2-fips-dashboards-reporting
pkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-reporting
Vulnerabilities (63)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-45857 | Med | 6.5 | < 2.13.0-r0 | 2.13.0-r0 | Nov 8, 2023 | An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information. | |
| CVE-2023-28155 | Med | 6.1 | < 2.19.1-r0 | 2.19.1-r0 | Mar 16, 2023 | The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintaine | |
| CVE-2020-36604 | Hig | 8.1 | < 2.13.0-r0 | 2.13.0-r0 | Sep 23, 2022 | hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function. |
- affected < 2.13.0-r0fixed 2.13.0-r0
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
- affected < 2.19.1-r0fixed 2.19.1-r0
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintaine
- affected < 2.13.0-r0fixed 2.13.0-r0
hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.
Page 4 of 4