G-Rath · G-Rath · Dec 19, 2023 · Dec 10, 2023
diff --git a/fixtures/locks-e2e/1-Gemfile.lock.out.txt b/fixtures/locks-e2e/1-Gemfile.lock.out.txt
@@ -13,6 +13,8 @@ fixtures/locks-e2e/1-Gemfile.lock: found 229 packages
   [email protected] is affected by the following vulnerabilities:
     GHSA-ch3h-j2vf-95pv: XSS Vulnerability in Action View tag helpers (https://github.com/advisories/GHSA-ch3h-j2vf-95pv)
     GHSA-xp5h-f8jf-rc8q: rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements (https://github.com/advisories/GHSA-xp5h-f8jf-rc8q)
+  [email protected] is affected by the following vulnerabilities:
+    GHSA-356j-hg45-x525: Potential CSV export data leak (https://github.com/advisories/GHSA-356j-hg45-x525)
   [email protected] is affected by the following vulnerabilities:
     GHSA-3hhc-qp5v-9p2j: Active Record RCE bug with Serialized Columns (https://github.com/advisories/GHSA-3hhc-qp5v-9p2j)
     GHSA-579w-22j4-4749: Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter (https://github.com/advisories/GHSA-579w-22j4-4749)
@@ -69,6 +71,12 @@ fixtures/locks-e2e/1-Gemfile.lock: found 229 packages
     GHSA-mcvf-2q2m-x72m: Improper neutralization of data URIs may allow XSS in rails-html-sanitizer (https://github.com/advisories/GHSA-mcvf-2q2m-x72m)
     GHSA-pg8v-g4xq-hww9: Rails::Html::Sanitizer vulnerable to Cross-site Scripting (https://github.com/advisories/GHSA-pg8v-g4xq-hww9)
     GHSA-rrfc-7g8p-99q8: Possible XSS vulnerability with certain configurations of rails-html-sanitizer (https://github.com/advisories/GHSA-rrfc-7g8p-99q8)
+  [email protected] is affected by the following vulnerabilities:
+    GHSA-gc3j-vvwf-4rp8: Resque vulnerable to reflected XSS in resque-web failed and queues lists (https://github.com/advisories/GHSA-gc3j-vvwf-4rp8)
+    GHSA-r8xx-8vm8-x6wj: Resque vulnerable to Reflected Cross Site Scripting through pathnames (https://github.com/advisories/GHSA-r8xx-8vm8-x6wj)
+    GHSA-r9mq-m72x-257g: Resque vulnerable to reflected XSS in Queue Endpoint (https://github.com/advisories/GHSA-r9mq-m72x-257g)
+  [email protected] is affected by the following vulnerabilities:
+    GHSA-9hmq-fm33-x4xx: Resque Scheduler Reflected XSS In Delayed Jobs View (https://github.com/advisories/GHSA-9hmq-fm33-x4xx)
   [email protected] is affected by the following vulnerabilities:
     GHSA-8cr8-4vfw-mr7h: REXML round-trip instability (https://github.com/advisories/GHSA-8cr8-4vfw-mr7h)
   [email protected] is affected by the following vulnerabilities:
@@ -77,4 +85,4 @@ fixtures/locks-e2e/1-Gemfile.lock: found 229 packages
   [email protected] is affected by the following vulnerabilities:
     GHSA-5cm2-9h8c-rvfx: TZInfo relative path traversal vulnerability allows loading of arbitrary files (https://github.com/advisories/GHSA-5cm2-9h8c-rvfx)
 
-  54 known vulnerabilities found in fixtures/locks-e2e/1-Gemfile.lock
+  59 known vulnerabilities found in fixtures/locks-e2e/1-Gemfile.lock
diff --git a/fixtures/locks-e2e/1-Pipfile.lock.out.txt b/fixtures/locks-e2e/1-Pipfile.lock.out.txt
diff --git a/fixtures/locks-e2e/1-poetry.lock.out.txt b/fixtures/locks-e2e/1-poetry.lock.out.txt
diff --git a/fixtures/locks-e2e/1-yarn.lock.out.txt b/fixtures/locks-e2e/1-yarn.lock.out.txt
@@ -26,7 +26,7 @@ fixtures/locks-e2e/1-yarn.lock: found 1678 packages
   [email protected] is affected by the following vulnerabilities:
     GHSA-6h5x-7c5m-7cr7: Exposure of Sensitive Information in eventsource (https://github.com/advisories/GHSA-6h5x-7c5m-7cr7)
   [email protected] is affected by the following vulnerabilities:
-    GHSA-ww39-953v-wcq6: glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6)
+    GHSA-ww39-953v-wcq6: glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6)
   [email protected] is affected by the following vulnerabilities:
     GHSA-6g8v-hpgw-h2v7: Prototype pollution in gsap (https://github.com/advisories/GHSA-6g8v-hpgw-h2v7)
   [email protected] is affected by the following vulnerabilities:

diff --git a/fixtures/locks-e2e/2-go.mod.out.txt b/fixtures/locks-e2e/2-go.mod.out.txt
@@ -18,6 +18,7 @@ fixtures/locks-e2e/2-go.mod: found 73 packages
     GHSA-x24g-9w7v-vprh: HashiCorp go-getter command injection (https://github.com/advisories/GHSA-x24g-9w7v-vprh)
     GO-2022-0586: Resource exhaustion in github.com/hashicorp/go-getter and related modules
   golang.org/x/[email protected] is affected by the following vulnerabilities:
+    GHSA-45x7-px36-x8w8: Russh vulnerable to Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC (https://github.com/advisories/GHSA-45x7-px36-x8w8)
     GHSA-8c26-wmh5-6g9v: golang.org/x/crypto/ssh Denial of service via crafted Signer (https://github.com/advisories/GHSA-8c26-wmh5-6g9v)
     GHSA-gwc9-m7rh-j2ww: x/crypto/ssh vulnerable to panic via malformed packets (https://github.com/advisories/GHSA-gwc9-m7rh-j2ww)
   golang.org/x/[email protected] is affected by the following vulnerabilities:
@@ -26,6 +27,7 @@ fixtures/locks-e2e/2-go.mod: found 73 packages
     GHSA-69cg-p879-7622: golang.org/x/net/http2 Denial of Service vulnerability (https://github.com/advisories/GHSA-69cg-p879-7622)
     GHSA-83g2-8m93-v3w7: golang.org/x/net/html Infinite Loop vulnerability (https://github.com/advisories/GHSA-83g2-8m93-v3w7)
     GHSA-h86h-8ppg-mxmh: golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion (https://github.com/advisories/GHSA-h86h-8ppg-mxmh)
+    GHSA-qppj-fm5r-hxr3: swift-nio-http2 vulnerable to HTTP/2 Stream Cancellation Attack (https://github.com/advisories/GHSA-qppj-fm5r-hxr3)
     GHSA-vvpx-j8f3-3w6h: Uncontrolled Resource Consumption (https://github.com/advisories/GHSA-vvpx-j8f3-3w6h)
     GO-2022-0288: Unbounded memory growth in net/http and golang.org/x/net/http2
     GO-2022-1144: Excessive memory growth in net/http and golang.org/x/net/http2
@@ -38,4 +40,4 @@ fixtures/locks-e2e/2-go.mod: found 73 packages
     GHSA-m425-mq94-257g: gRPC-Go HTTP/2 Rapid Reset vulnerability (https://github.com/advisories/GHSA-m425-mq94-257g)
     GHSA-qppj-fm5r-hxr3: swift-nio-http2 vulnerable to HTTP/2 Stream Cancellation Attack (https://github.com/advisories/GHSA-qppj-fm5r-hxr3)
 
-  25 known vulnerabilities found in fixtures/locks-e2e/2-go.mod
+  27 known vulnerabilities found in fixtures/locks-e2e/2-go.mod
diff --git a/fixtures/locks-e2e/2-package-lock.json.out.txt b/fixtures/locks-e2e/2-package-lock.json.out.txt
diff --git a/fixtures/locks-e2e/2-poetry.lock.out.txt b/fixtures/locks-e2e/2-poetry.lock.out.txt
diff --git a/fixtures/locks-e2e/2-pom.xml.out.txt b/fixtures/locks-e2e/2-pom.xml.out.txt
@@ -19,5 +19,6 @@ fixtures/locks-e2e/2-pom.xml: found 8 packages
     GHSA-7c2q-5qmr-v76q: DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998 (https://github.com/advisories/GHSA-7c2q-5qmr-v76q)
     GHSA-8m5h-hrqm-pxm2: Path traversal in the OWASP Enterprise Security API (https://github.com/advisories/GHSA-8m5h-hrqm-pxm2)
     GHSA-q77q-vx4q-xx6q: Cross-site Scripting in org.owasp.esapi:esapi (https://github.com/advisories/GHSA-q77q-vx4q-xx6q)
+    GHSA-r68h-jhhj-9jvm: Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year (https://github.com/advisories/GHSA-r68h-jhhj-9jvm)
 
-  12 known vulnerabilities found in fixtures/locks-e2e/2-pom.xml
+  13 known vulnerabilities found in fixtures/locks-e2e/2-pom.xml
diff --git a/fixtures/locks-e2e/2-yarn.lock.out.txt b/fixtures/locks-e2e/2-yarn.lock.out.txt
@@ -45,9 +45,9 @@ fixtures/locks-e2e/2-yarn.lock: found 1991 packages
   [email protected] is affected by the following vulnerabilities:
     GHSA-4q6p-r6v2-jvc5: Chaijs/get-func-name vulnerable to ReDoS (https://github.com/advisories/GHSA-4q6p-r6v2-jvc5)
   [email protected] is affected by the following vulnerabilities:
-    GHSA-ww39-953v-wcq6: glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6)
+    GHSA-ww39-953v-wcq6: glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6)
   [email protected] is affected by the following vulnerabilities:
-    GHSA-ww39-953v-wcq6: glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6)
+    GHSA-ww39-953v-wcq6: glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6)
   [email protected] is affected by the following vulnerabilities:
     GHSA-7wwv-vh3v-89cq: ReDOS vulnerabities: multiple grammars (https://github.com/advisories/GHSA-7wwv-vh3v-89cq)
   [email protected] is affected by the following vulnerabilities:

diff --git a/fixtures/locks-e2e/3-yarn.lock.out.txt b/fixtures/locks-e2e/3-yarn.lock.out.txt
@@ -17,7 +17,7 @@ fixtures/locks-e2e/3-yarn.lock: found 1225 packages
   [email protected] is affected by the following vulnerabilities:
     GHSA-w573-4hg7-7wgq: decode-uri-component vulnerable to Denial of Service (DoS) (https://github.com/advisories/GHSA-w573-4hg7-7wgq)
   [email protected] is affected by the following vulnerabilities:
-    GHSA-ww39-953v-wcq6: glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6)
+    GHSA-ww39-953v-wcq6: glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex (https://github.com/advisories/GHSA-ww39-953v-wcq6)
   [email protected] is affected by the following vulnerabilities:
     GHSA-pfrx-2q88-qq97: Got allows a redirect to a UNIX socket (https://github.com/advisories/GHSA-pfrx-2q88-qq97)
   [email protected] is affected by the following vulnerabilities: