From 433cc44e6f502777012de579235b545f813c2518 Mon Sep 17 00:00:00 2001
From: Gaurangi Bansal
Date: Wed, 20 Dec 2023 17:27:20 +0530
Subject: [PATCH] commit
---
package-lock.json | 6 +
server/app.js | 30 +-
server/reports/depscan-universal.json | 428 +-
server/reports/depscan.html | 898 +-
server/reports/report_20231220090143066.json | 15601 +++++++++++++++++
server/reports/report_20231220090218531.json | 15601 +++++++++++++++++
server/reports/report_20231220090356353.json | 15601 +++++++++++++++++
server/reports/report_20231220090437227.json | 15601 +++++++++++++++++
server/reports/report_20231220090927511.json | 15601 +++++++++++++++++
server/reports/report_20231220092545798.json | 15601 +++++++++++++++++
server/reports/report_20231220092646734.json | 15601 +++++++++++++++++
server/reports/sbom-universal.json | 4 +-
12 files changed, 109899 insertions(+), 674 deletions(-)
create mode 100644 package-lock.json
create mode 100644 server/reports/report_20231220090143066.json
create mode 100644 server/reports/report_20231220090218531.json
create mode 100644 server/reports/report_20231220090356353.json
create mode 100644 server/reports/report_20231220090437227.json
create mode 100644 server/reports/report_20231220090927511.json
create mode 100644 server/reports/report_20231220092545798.json
create mode 100644 server/reports/report_20231220092646734.json
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 000000000..5408078dc
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,6 @@
+{
+ "name": "sbom-electron-gui",
+ "lockfileVersion": 3,
+ "requires": true,
+ "packages": {}
+}
diff --git a/server/app.js b/server/app.js
index b364e28a5..95e5b8444 100644
--- a/server/app.js
+++ b/server/app.js
@@ -24,19 +24,31 @@ const runSbomGenerator = (pathh) => { const destinationFilePath = path.join(destinationFolderPath, newFileName); console.log(fs.existsSync(sourceFilePath)); fs.renameSync(sourceFilePath, destinationFilePath); - - // Insert the new path into MySQL database - const insertQuery = `INSERT INTO data (html,uploaded) VALUES ('${destinationFilePath}', '${new Date() - .toISOString() - .slice(0, 19) - .replace("T", " ")}')`; - con.query(insertQuery, (err, results) => { + con.query(`SELECT MAX(id) FROM data`, (err, results) => { if (err) { - console.error("Error inserting data:", err); + console.error("Error retrieving data:", err); } else { - console.log("Data inserted successfully. Row ID:", results.insertId); + let id = (results[0]["MAX(id)"]) ? results[0]["MAX(id)"] : 0; + const insertQuery = `INSERT INTO data (id, html,uploaded) VALUES (${ + id + 1 + }, '${destinationFilePath}', '${new Date() + .toISOString() + .slice(0, 19) + .replace("T", " ")}')`; + con.query(insertQuery, (err, results) => { + if (err) { + console.error("Error inserting data:", err); + } else { + console.log( + "Data inserted successfully. Row ID:", + results.insertId + ); + } + }); } }); + + // Insert the new path into MySQL database }); }; diff --git a/server/reports/depscan-universal.json b/server/reports/depscan-universal.json index 95d3a5259..cfe781abb 100644 --- a/server/reports/depscan-universal.json +++ b/server/reports/depscan-universal.json 
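Review bot: The `INSERT` built in the new `else` branch still interpolates `destinationFilePath` straight into the SQL text, so a file name containing a quote breaks or alters the statement. Assuming `con` is a mysql/mysql2 connection, pass the values as placeholders instead, with the timestamp computed into a variable first: `con.query("INSERT INTO data (id, html, uploaded) VALUES (?, ?, ?)", [id + 1, destinationFilePath, uploaded], cb)`. Deriving the key from a separate `SELECT MAX(id)` is also racy, since two scans finishing together read the same maximum and one insert then fails or collides. Declaring `id` as AUTO_INCREMENT would let the database assign it, and the `results.insertId` that is still logged is only meaningful in that case. The relocated comment `// Insert the new path into MySQL database` now trails the code it describes, and the enclosing callback begins above the hunk.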
@@ -1,255 +1,255 @@ -{"id": "CVE-2017-3635", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.57-0.39.3.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html,\thttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and\thttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3635.html", "https://bugzilla.suse.com/1049397", "https://bugzilla.suse.com/1049398", "https://bugzilla.suse.com/1049422"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3636", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.57-0.39.3.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. 
Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3636.html", "https://bugzilla.suse.com/1049399", "https://bugzilla.suse.com/1049422", "https://bugzilla.suse.com/1054591", "https://bugzilla.suse.com/1076506"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-2430", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2430.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-2431", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2431.html", 
"https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-10379", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.58-0.39.6.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-10379.html", "https://bugzilla.suse.com/1064116", "https://bugzilla.suse.com/1064119", "https://bugzilla.suse.com/1076506"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-10384", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.58-0.39.6.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-10384.html", "https://bugzilla.suse.com/1064117", "https://bugzilla.suse.com/1064119", "https://bugzilla.suse.com/1076506"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0508", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0508.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6478", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6478.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6484", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6484.html", 
"https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4772", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4772.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4769", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4769.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4771", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4771.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-2432", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, 
"fix_version": "5.5.39-0.7.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2432.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-2617", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2617.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-2620", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2620.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2014-2435", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows 
remote authenticated users to affect availability via unknown vectors related to InnoDB.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2435.html", "https://bugzilla.suse.com/1021755", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2014-2436", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2436.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4000", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4000.html", "https://bugzilla.suse.com/1074631", "https://bugzilla.suse.com/1211968", "https://bugzilla.suse.com/931600", "https://bugzilla.suse.com/931698", "https://bugzilla.suse.com/931723", "https://bugzilla.suse.com/931845", "https://bugzilla.suse.com/932026", "https://bugzilla.suse.com/932483", "https://bugzilla.suse.com/934789", 
"https://bugzilla.suse.com/935033", "https://bugzilla.suse.com/935540", "https://bugzilla.suse.com/935979", "https://bugzilla.suse.com/937202", "https://bugzilla.suse.com/937766", "https://bugzilla.suse.com/938248", "https://bugzilla.suse.com/938432", "https://bugzilla.suse.com/938895", "https://bugzilla.suse.com/938905", "https://bugzilla.suse.com/938906", "https://bugzilla.suse.com/938913", "https://bugzilla.suse.com/938945", "https://bugzilla.suse.com/943664", "https://bugzilla.suse.com/944729", "https://bugzilla.suse.com/945582", "https://bugzilla.suse.com/955589", "https://bugzilla.suse.com/980406", "https://bugzilla.suse.com/990592", "https://bugzilla.suse.com/994144"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6494", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6494.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915912"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6495", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6495.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} +{"id": 
"CVE-2014-4207", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4207.html", "https://bugzilla.suse.com/887580", "https://bugzilla.suse.com/915914"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6559", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6559.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915912"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4830", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4830.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4833", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, 
"fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4833.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4836", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4836.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0204", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue.\tNOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0204.html", "https://bugzilla.suse.com/912014", "https://bugzilla.suse.com/920482", "https://bugzilla.suse.com/920484", "https://bugzilla.suse.com/927591", 
"https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/936787", "https://bugzilla.suse.com/952088"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2021-2478", "package": "rocky:mysql", "purl": "rocky:mysql", "package_type": "rocky", "package_usage": "N/A", "version": null, "fix_version": "8.0.30", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.30).\n\nSecurity Fix(es):\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607, CVE-2022-21301, CVE-2022-21413)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2021-2481, CVE-2021-35575, CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21253, CVE-2022-21254, CVE-2022-21264, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342, CVE-2022-21351, CVE-2022-21370, CVE-2022-21378, CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479, CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21569, CVE-2022-21265)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2021-35546, CVE-2022-21344, CVE-2022-21415)\n\n* mysql: Server: Error Handling unspecified vulnerability (CVE-2021-35596)\n\n* mysql: C API unspecified vulnerability (CVE-2021-35597)\n\n* mysql: Server: Options multiple 
unspecified vulnerabilities (CVE-2021-35602, CVE-2021-35630, CVE-2022-21515)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2021-35604, CVE-2022-21302, CVE-2022-21348, CVE-2022-21352, CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21517, CVE-2022-21537, CVE-2022-21539, CVE-2022-21423)\n\n* mysql: Server: Group Replication Plugin multiple unspecified vulnerabilities (CVE-2021-35608, CVE-2022-21256, CVE-2022-21379, CVE-2022-21454)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2021-35622, CVE-2022-21358, CVE-2022-21372, CVE-2022-21538)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2021-35624, CVE-2022-21245, CVE-2021-35625)\n\n* mysql: Server: GIS unspecified vulnerability (CVE-2021-35631)\n\n* mysql: Server: Data Dictionary unspecified vulnerability (CVE-2021-35632)\n\n* mysql: Server: PS unspecified vulnerability (CVE-2021-35637)\n\n* mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CVE-2021-35639, CVE-2022-21303, CVE-2022-21522, CVE-2022-21534)\n\n* mysql: Server: FTS multiple unspecified vulnerabilities (CVE-2021-35648, CVE-2022-21427)\n\n* mysql: Server: Federated multiple unspecified vulnerabilities (CVE-2022-21270, CVE-2022-21547)\n\n* mysql: Server: Parser unspecified vulnerability (CVE-2022-21304)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2022-21362, CVE-2022-21374)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2022-21367)\n\n* mysql: Server: Components Services unspecified vulnerability (CVE-2022-21368)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2022-21425, CVE-2022-21444, CVE-2021-35640, CVE-2022-21249)\n\n* mysql: Server: PAM Auth Plugin unspecified vulnerability (CVE-2022-21457)\n\n* mysql: Server: Logging multiple unspecified vulnerabilities (CVE-2022-21460, CVE-2021-35633)\n\n* mysql: Server: Security: Roles unspecified vulnerability (CVE-2021-35623)\n\nFor 
more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Rebuild mecab due to change in the suffix (from .el8 to .el8.0.0) [Rocky Linux-8] (BZ#2110940)", "related_urls": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2478", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2479", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2481", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35575", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35577", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35591", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35596", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35597", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35602", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35604", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35607", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35608", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35610", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35612", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35622", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35623", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35624", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35625", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35626", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35627", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35628", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35632", 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35634", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35636", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35637", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35638", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35639", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35640", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35641", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35643", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35644", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35645", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35646", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35647", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35648", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21245", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21249", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21253", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21254", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21256", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21264", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21265", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21270", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21278", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21297", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21301", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21302", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21303", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21304", 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21342", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21344", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21348", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21351", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21352", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21358", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21362", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21367", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21368", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21370", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21372", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21374", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21378", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21379", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21412", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21413", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21414", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21415", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21417", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21423", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21425", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21427", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21435", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21436", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21437", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21438", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21440", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21444", 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21451", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21452", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21454", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21455", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21457", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21459", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21460", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21462", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21478", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21479", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21509", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21515", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21517", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21522", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21525", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21526", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21527", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21528", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21529", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21530", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21531", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21547", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21553", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21556", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21569", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21592", 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21595", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21605", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21607", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21638", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21641", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21866", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21872", "https://bugzilla.redhat.com/show_bug.cgi?id=2016089", "https://bugzilla.redhat.com/show_bug.cgi?id=2016090", "https://bugzilla.redhat.com/show_bug.cgi?id=2016091", "https://bugzilla.redhat.com/show_bug.cgi?id=2016093", "https://bugzilla.redhat.com/show_bug.cgi?id=2016094", "https://bugzilla.redhat.com/show_bug.cgi?id=2016095", "https://bugzilla.redhat.com/show_bug.cgi?id=2016097", "https://bugzilla.redhat.com/show_bug.cgi?id=2016098", "https://bugzilla.redhat.com/show_bug.cgi?id=2016099", "https://bugzilla.redhat.com/show_bug.cgi?id=2016100", "https://bugzilla.redhat.com/show_bug.cgi?id=2016101", "https://bugzilla.redhat.com/show_bug.cgi?id=2016104", "https://bugzilla.redhat.com/show_bug.cgi?id=2016105", "https://bugzilla.redhat.com/show_bug.cgi?id=2016106", "https://bugzilla.redhat.com/show_bug.cgi?id=2016107", "https://bugzilla.redhat.com/show_bug.cgi?id=2016108", "https://bugzilla.redhat.com/show_bug.cgi?id=2016109", "https://bugzilla.redhat.com/show_bug.cgi?id=2016110", "https://bugzilla.redhat.com/show_bug.cgi?id=2016111", "https://bugzilla.redhat.com/show_bug.cgi?id=2016112", "https://bugzilla.redhat.com/show_bug.cgi?id=2016113", "https://bugzilla.redhat.com/show_bug.cgi?id=2016114", "https://bugzilla.redhat.com/show_bug.cgi?id=2016117", "https://bugzilla.redhat.com/show_bug.cgi?id=2016118", "https://bugzilla.redhat.com/show_bug.cgi?id=2016119", 
"https://bugzilla.redhat.com/show_bug.cgi?id=2016120", "https://bugzilla.redhat.com/show_bug.cgi?id=2016121", "https://bugzilla.redhat.com/show_bug.cgi?id=2016122", "https://bugzilla.redhat.com/show_bug.cgi?id=2016124", "https://bugzilla.redhat.com/show_bug.cgi?id=2016126", "https://bugzilla.redhat.com/show_bug.cgi?id=2016127", "https://bugzilla.redhat.com/show_bug.cgi?id=2016128", "https://bugzilla.redhat.com/show_bug.cgi?id=2016129", "https://bugzilla.redhat.com/show_bug.cgi?id=2016130", "https://bugzilla.redhat.com/show_bug.cgi?id=2016131", "https://bugzilla.redhat.com/show_bug.cgi?id=2016132", "https://bugzilla.redhat.com/show_bug.cgi?id=2016133", "https://bugzilla.redhat.com/show_bug.cgi?id=2016134", "https://bugzilla.redhat.com/show_bug.cgi?id=2016135", "https://bugzilla.redhat.com/show_bug.cgi?id=2016137", "https://bugzilla.redhat.com/show_bug.cgi?id=2016138", "https://bugzilla.redhat.com/show_bug.cgi?id=2043620", "https://bugzilla.redhat.com/show_bug.cgi?id=2043621", "https://bugzilla.redhat.com/show_bug.cgi?id=2043622", "https://bugzilla.redhat.com/show_bug.cgi?id=2043623", "https://bugzilla.redhat.com/show_bug.cgi?id=2043624", "https://bugzilla.redhat.com/show_bug.cgi?id=2043625", "https://bugzilla.redhat.com/show_bug.cgi?id=2043626", "https://bugzilla.redhat.com/show_bug.cgi?id=2043627", "https://bugzilla.redhat.com/show_bug.cgi?id=2043628", "https://bugzilla.redhat.com/show_bug.cgi?id=2043629", "https://bugzilla.redhat.com/show_bug.cgi?id=2043630", "https://bugzilla.redhat.com/show_bug.cgi?id=2043631", "https://bugzilla.redhat.com/show_bug.cgi?id=2043632", "https://bugzilla.redhat.com/show_bug.cgi?id=2043633", "https://bugzilla.redhat.com/show_bug.cgi?id=2043634", "https://bugzilla.redhat.com/show_bug.cgi?id=2043635", "https://bugzilla.redhat.com/show_bug.cgi?id=2043636", "https://bugzilla.redhat.com/show_bug.cgi?id=2043637", "https://bugzilla.redhat.com/show_bug.cgi?id=2043638", "https://bugzilla.redhat.com/show_bug.cgi?id=2043639", 
"https://bugzilla.redhat.com/show_bug.cgi?id=2043640", "https://bugzilla.redhat.com/show_bug.cgi?id=2043641", "https://bugzilla.redhat.com/show_bug.cgi?id=2043642", "https://bugzilla.redhat.com/show_bug.cgi?id=2043643", "https://bugzilla.redhat.com/show_bug.cgi?id=2043644", "https://bugzilla.redhat.com/show_bug.cgi?id=2043645", "https://bugzilla.redhat.com/show_bug.cgi?id=2043646", "https://bugzilla.redhat.com/show_bug.cgi?id=2043647", "https://bugzilla.redhat.com/show_bug.cgi?id=2043648", "https://bugzilla.redhat.com/show_bug.cgi?id=2082636", "https://bugzilla.redhat.com/show_bug.cgi?id=2082637", "https://bugzilla.redhat.com/show_bug.cgi?id=2082638", "https://bugzilla.redhat.com/show_bug.cgi?id=2082639", "https://bugzilla.redhat.com/show_bug.cgi?id=2082640", "https://bugzilla.redhat.com/show_bug.cgi?id=2082641", "https://bugzilla.redhat.com/show_bug.cgi?id=2082642", "https://bugzilla.redhat.com/show_bug.cgi?id=2082643", "https://bugzilla.redhat.com/show_bug.cgi?id=2082644", "https://bugzilla.redhat.com/show_bug.cgi?id=2082645", "https://bugzilla.redhat.com/show_bug.cgi?id=2082646", "https://bugzilla.redhat.com/show_bug.cgi?id=2082647", "https://bugzilla.redhat.com/show_bug.cgi?id=2082648", "https://bugzilla.redhat.com/show_bug.cgi?id=2082649", "https://bugzilla.redhat.com/show_bug.cgi?id=2082650", "https://bugzilla.redhat.com/show_bug.cgi?id=2082651", "https://bugzilla.redhat.com/show_bug.cgi?id=2082652", "https://bugzilla.redhat.com/show_bug.cgi?id=2082653", "https://bugzilla.redhat.com/show_bug.cgi?id=2082654", "https://bugzilla.redhat.com/show_bug.cgi?id=2082655", "https://bugzilla.redhat.com/show_bug.cgi?id=2082656", "https://bugzilla.redhat.com/show_bug.cgi?id=2082657", "https://bugzilla.redhat.com/show_bug.cgi?id=2082658", "https://bugzilla.redhat.com/show_bug.cgi?id=2082659", "https://bugzilla.redhat.com/show_bug.cgi?id=2110940", "https://bugzilla.redhat.com/show_bug.cgi?id=2115283", "https://bugzilla.redhat.com/show_bug.cgi?id=2115284", 
"https://bugzilla.redhat.com/show_bug.cgi?id=2115285", "https://bugzilla.redhat.com/show_bug.cgi?id=2115286", "https://bugzilla.redhat.com/show_bug.cgi?id=2115287", "https://bugzilla.redhat.com/show_bug.cgi?id=2115288", "https://bugzilla.redhat.com/show_bug.cgi?id=2115289", "https://bugzilla.redhat.com/show_bug.cgi?id=2115290", "https://bugzilla.redhat.com/show_bug.cgi?id=2115291", "https://bugzilla.redhat.com/show_bug.cgi?id=2115292", "https://bugzilla.redhat.com/show_bug.cgi?id=2115293", "https://bugzilla.redhat.com/show_bug.cgi?id=2115294", "https://bugzilla.redhat.com/show_bug.cgi?id=2115295", "https://bugzilla.redhat.com/show_bug.cgi?id=2115296", "https://bugzilla.redhat.com/show_bug.cgi?id=2115297", "https://bugzilla.redhat.com/show_bug.cgi?id=2115298", "https://bugzilla.redhat.com/show_bug.cgi?id=2115299", "https://bugzilla.redhat.com/show_bug.cgi?id=2115301", "https://bugzilla.redhat.com/show_bug.cgi?id=2122604", "https://errata.rockylinux.org/RLSA-2022:7119"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-10268", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.58-0.39.6.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-10268.html", "https://bugzilla.suse.com/1064101", "https://bugzilla.suse.com/1064119", "https://bugzilla.suse.com/1076505", "https://bugzilla.suse.com/1076506"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-10378", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.58-0.39.6.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-10378.html", "https://bugzilla.suse.com/1064115", "https://bugzilla.suse.com/1064119", "https://bugzilla.suse.com/1076505", "https://bugzilla.suse.com/1076506"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-2566", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2566.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2021-35065", "package": "debian:node-glob-parent", "purl": "debian:node-glob-parent", "package_type": "debian", "package_usage": "N/A", "version": null, "fix_version": "6.0.2+~5.1.1-1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "The glob-parent package before 6.0.1 for Node.js allows ReDoS regular ...\nNOTE: https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339 (v6.0.1)\nNOTE: https://github.com/gulpjs/glob-parent/pull/49", "related_urls": [], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4858", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4858.html", 
"https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4861", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4861.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-4240", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4240.html", "https://bugzilla.suse.com/887580"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-0431", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0431.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-0433", "package": "suse:mysql", "purl": 
"suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0433.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6496", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6496.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915912"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6478", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6478.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6484", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", 
"short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6484.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-2434", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2434.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3244", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 6.5 (Availability impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3244.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020877"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3258", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3258.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020875"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3265", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3265.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020885"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6491", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6491.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915912"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2017-3641", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.57-0.39.3.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3641.html", "https://bugzilla.suse.com/1049404", "https://bugzilla.suse.com/1049422", "https://bugzilla.suse.com/1054591", "https://bugzilla.suse.com/1076506"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2017-3648", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.57-0.39.3.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3648.html", "https://bugzilla.suse.com/1049411", "https://bugzilla.suse.com/1049422"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-4240", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4240.html", "https://bugzilla.suse.com/887580"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-2440", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2440.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-0427", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0427.html", "https://bugzilla.suse.com/858823"], 
"occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4000", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4000.html", "https://bugzilla.suse.com/1074631", "https://bugzilla.suse.com/1211968", "https://bugzilla.suse.com/931600", "https://bugzilla.suse.com/931698", "https://bugzilla.suse.com/931723", "https://bugzilla.suse.com/931845", "https://bugzilla.suse.com/932026", "https://bugzilla.suse.com/932483", "https://bugzilla.suse.com/934789", "https://bugzilla.suse.com/935033", "https://bugzilla.suse.com/935540", "https://bugzilla.suse.com/935979", "https://bugzilla.suse.com/937202", "https://bugzilla.suse.com/937766", "https://bugzilla.suse.com/938248", "https://bugzilla.suse.com/938432", "https://bugzilla.suse.com/938895", "https://bugzilla.suse.com/938905", "https://bugzilla.suse.com/938906", "https://bugzilla.suse.com/938913", "https://bugzilla.suse.com/938945", "https://bugzilla.suse.com/943664", "https://bugzilla.suse.com/944729", "https://bugzilla.suse.com/945582", "https://bugzilla.suse.com/955589", "https://bugzilla.suse.com/980406", "https://bugzilla.suse.com/990592", "https://bugzilla.suse.com/994144"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0505", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", 
"short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0505.html", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/936408"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0506", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0506.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2023-49803", "package": "@koa:cors", "purl": "@koa:cors", "package_type": "@koa", "package_usage": "N/A", "version": "<5.0.0", "fix_version": "5.0.0", "severity": "HIGH", "cvss_score": "7.5", "short_description": "# Overly permissive origin policy\nCurrently, the middleware operates in a way that if an allowed origin is not provided, it will return an `Access-Control-Allow-Origin` header with the value of the origin from the request. 
This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy (SOP), this could cause a very serious security threat to the users of this middleware.\n\nIf such behavior is expected, for instance, when middleware is used exclusively for prototypes and not for production applications, it should be heavily emphasized in the documentation along with an indication of the risks associated with such behavior, as many users may not be aware of it.", "related_urls": ["https://github.com/koajs/cors/security/advisories/GHSA-qxrj-hx23-xp82", "https://github.com/koajs/cors/commit/f31dac99f5355c41e7d4dd3c4a80c5f154941a11", "https://nvd.nist.gov/vuln/detail/CVE-2023-49803", "https://github.com/advisories/GHSA-qxrj-hx23-xp82"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3291", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. 
CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3291.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020884", "https://bugzilla.suse.com/998309"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3312", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. 
CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3312.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020873", "https://bugzilla.suse.com/998309"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0433", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0433.html", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/936409"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-0224", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0224.html", "https://bugzilla.suse.com/1146657", "https://bugzilla.suse.com/880891", "https://bugzilla.suse.com/881743", "https://bugzilla.suse.com/883126", "https://bugzilla.suse.com/885777", "https://bugzilla.suse.com/892403", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/903703", "https://bugzilla.suse.com/905018", "https://bugzilla.suse.com/905106", 
"https://bugzilla.suse.com/914447", "https://bugzilla.suse.com/915913", "https://bugzilla.suse.com/916239"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-2451", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2451.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6505", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6505.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6507", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6507.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915912"], "occurrence_count": 0, 
"reachable_flows": 0} +{"id": "CVE-2015-7744", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-7744.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", "https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", "https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", "https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", "https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-0502", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", "related_urls": 
["https://www.suse.com/security/cve/CVE-2016-0502.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", "https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", "https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", "https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", "https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2018-3071", "package": "oracle:mysql", "purl": "oracle:mysql", "package_type": "oracle", "package_usage": "N/A", "version": null, "fix_version": null, "severity": "MEDIUM", "cvss_score": "4.9", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "http://www.securityfocus.com/bid/104784", "https://security.netapp.com/advisory/ntap-20180726-0002/", "http://www.securitytracker.com/id/1041294", "https://usn.ubuntu.com/3725-1/", "https://access.redhat.com/errata/RHSA-2018:3655"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-5908", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-5908.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-0001", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0001.html", "https://bugzilla.suse.com/861493"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-2438", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote 
authenticated users to affect availability via unknown vectors related to Replication.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2438.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0508", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0508.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-2582", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2582.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-2611", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2611.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} 
+{"id": "CVE-2016-3477", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.52-0.27.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-3477.html", "https://bugzilla.suse.com/989913", "https://bugzilla.suse.com/991616"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-3521", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.52-0.27.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-3521.html", "https://bugzilla.suse.com/989919", "https://bugzilla.suse.com/991616"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-0642", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0642.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], 
"occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-0643", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0643.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-4316", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-4316.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-3152", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a \"BACKRONYM\" attack.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-3152.html", "https://bugzilla.suse.com/1037590", "https://bugzilla.suse.com/1047059", "https://bugzilla.suse.com/1088681", "https://bugzilla.suse.com/924663", 
"https://bugzilla.suse.com/928962", "https://bugzilla.suse.com/936407"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4737", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4737.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-2573", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2573.html", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/936409"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-1861", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.", 
"related_urls": ["https://www.suse.com/security/cve/CVE-2013-1861.html", "https://bugzilla.suse.com/809544", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-3783", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3783.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6551", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6551.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6555", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6555.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915912"], "occurrence_count": 0, 
"reachable_flows": 0} +{"id": "CVE-2016-5483", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "** REJECT **\tDO NOT USE THIS CANDIDATE NUMBER.\tConsultIDs: CVE-2017-3600.\tReason: This candidate is a reservation duplicate of CVE-2017-3600.\tNotes: All CVE users should reference CVE-2017-3600 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-5483.html", "https://bugzilla.suse.com/1001367", "https://bugzilla.suse.com/1005555", "https://bugzilla.suse.com/1005557", "https://bugzilla.suse.com/1005561", "https://bugzilla.suse.com/1005562", "https://bugzilla.suse.com/1005563", "https://bugzilla.suse.com/1005564", "https://bugzilla.suse.com/1005566", "https://bugzilla.suse.com/1005569", "https://bugzilla.suse.com/1005570", "https://bugzilla.suse.com/1005582", "https://bugzilla.suse.com/1020875", "https://bugzilla.suse.com/1020876", "https://bugzilla.suse.com/1020877", "https://bugzilla.suse.com/1020878", "https://bugzilla.suse.com/1020882", "https://bugzilla.suse.com/1020883", "https://bugzilla.suse.com/1020884", "https://bugzilla.suse.com/1020885", "https://bugzilla.suse.com/1020888", "https://bugzilla.suse.com/1020890", "https://bugzilla.suse.com/1020891", "https://bugzilla.suse.com/1020893", "https://bugzilla.suse.com/1020894", "https://bugzilla.suse.com/1020896", "https://bugzilla.suse.com/1020898", "https://bugzilla.suse.com/1020901", "https://bugzilla.suse.com/1022428", "https://bugzilla.suse.com/1029014", "https://bugzilla.suse.com/1029396", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1049393", "https://bugzilla.suse.com/1049394", "https://bugzilla.suse.com/1049396", "https://bugzilla.suse.com/1049399", "https://bugzilla.suse.com/1049400", 
"https://bugzilla.suse.com/1049401", "https://bugzilla.suse.com/1049402", "https://bugzilla.suse.com/1049403", "https://bugzilla.suse.com/1049404", "https://bugzilla.suse.com/1049405", "https://bugzilla.suse.com/1049406", "https://bugzilla.suse.com/1049407", "https://bugzilla.suse.com/1049408", "https://bugzilla.suse.com/1049409", "https://bugzilla.suse.com/1049410", "https://bugzilla.suse.com/1049411", "https://bugzilla.suse.com/1049412", "https://bugzilla.suse.com/1049414", "https://bugzilla.suse.com/1049415", "https://bugzilla.suse.com/1049416", "https://bugzilla.suse.com/1049417", "https://bugzilla.suse.com/1064101", "https://bugzilla.suse.com/1064107", "https://bugzilla.suse.com/1064115", "https://bugzilla.suse.com/1064116", "https://bugzilla.suse.com/1064117"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3302", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3302.html", "https://bugzilla.suse.com/1022428", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1034911"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2015-0409", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0409.html", "https://bugzilla.suse.com/914058"], "occurrence_count": 
0, "reachable_flows": 0} -{"id": "CVE-2015-0501", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0501.html", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/936408"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-0401", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0401.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0438", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0438.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0439", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": 
"HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0439.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-0505", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0505.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", "https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", "https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", "https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", "https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-0546", "package": "suse:mysql", "purl": "suse:mysql", "package_type": 
"suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client.\tNOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0546.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", "https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", "https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", "https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", "https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2012-5615", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 
5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.", "related_urls": ["https://www.suse.com/security/cve/CVE-2012-5615.html", "https://bugzilla.suse.com/792440", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2023-21977", "package": "oracle:mysql", "purl": "oracle:mysql", "package_type": "oracle", "package_usage": "N/A", "version": null, "fix_version": null, "severity": "MEDIUM", "cvss_score": "4.9", "short_description": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.oracle.com/security-alerts/cpuapr2023.html", "https://security.netapp.com/advisory/ntap-20230427-0007/"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2015-0499", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0499.html", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/936408"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2015-0500", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0500.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-3477", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.52-0.27.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.", "related_urls": 
["https://www.suse.com/security/cve/CVE-2016-3477.html", "https://bugzilla.suse.com/989913", "https://bugzilla.suse.com/991616"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-3521", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.52-0.27.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-3521.html", "https://bugzilla.suse.com/989919", "https://bugzilla.suse.com/991616"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-2432", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2432.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-0666", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: 
Privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0666.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-2047", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"/CN=\" string in a field in a certificate, as demonstrated by \"/OU=/CN=bar.com/CN=foo.com.\"", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-2047.html", "https://bugzilla.suse.com/963806", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-0644", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0644.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-0646", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", 
"package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0646.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-0600", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0600.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", "https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", "https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", "https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", "https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952", 
"https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-0606", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0606.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", "https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", "https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", "https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", "https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4815", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.", 
"related_urls": ["https://www.suse.com/security/cve/CVE-2015-4815.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4816", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4816.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958790"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4730", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4730.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4766", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4766.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4792", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", 
"package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4792.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-2566", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2566.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-0640", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0640.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-0641", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", 
"cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0641.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6463", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6463.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6464", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6464.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915912"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0411", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", 
"short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0411.html", "https://bugzilla.suse.com/914058", "https://bugzilla.suse.com/915911"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0423", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0423.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2018-3061", "package": "oracle:mysql", "purl": "oracle:mysql", "package_type": "oracle", "package_usage": "N/A", "version": null, "fix_version": null, "severity": "MEDIUM", "cvss_score": "4.9", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "http://www.securityfocus.com/bid/104785", "https://security.netapp.com/advisory/ntap-20180726-0002/", "http://www.securitytracker.com/id/1041294", "https://usn.ubuntu.com/3725-1/", "https://access.redhat.com/errata/RHSA-2018:3655"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4752", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4752.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4756", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0439.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4756.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2013-3801", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to 
affect availability via unknown vectors related to Server Options.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3801.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-3809", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3809.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6489", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6489.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-3807", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3807.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, 
"reachable_flows": 0} -{"id": "CVE-2013-3808", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3808.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0204", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue.\tNOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0204.html", "https://bugzilla.suse.com/912014", "https://bugzilla.suse.com/920482", "https://bugzilla.suse.com/920484", "https://bugzilla.suse.com/927591", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/936787", "https://bugzilla.suse.com/952088"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6559", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 
5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6559.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915912"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3309", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3309.html", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1048715"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3329", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. 
Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3329.html", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1048715"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-4274", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4274.html", "https://bugzilla.suse.com/857678", "https://bugzilla.suse.com/896400", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3238", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3238.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020882"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3243", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 4.4 (Availability impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3243.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020891"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-5908", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-5908.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-0001", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0001.html", "https://bugzilla.suse.com/861493"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0503", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0503.html", "https://bugzilla.suse.com/927623"], 
"occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2016-0596", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0596.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", "https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", "https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", "https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", "https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2016-0597", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to 
Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0597.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", "https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", "https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", "https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", "https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2016-0598", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0598.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", "https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", "https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", 
"https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", "https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-0616", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0616.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", "https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", "https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", "https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", "https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-5894", "package": "suse:mysql", "purl": 
"suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-5894.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-0402", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0402.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4830", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4830.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4833", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", 
"short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4833.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4836", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4836.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-4287", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4287.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-7744", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange 
without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-7744.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", "https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", "https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", "https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", "https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-0502", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0502.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", "https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", 
"https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", "https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", "https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4757", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4757.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4761", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4761.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4767", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote 
authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4767.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6530", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6530.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0381", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0381.html", "https://bugzilla.suse.com/914058", "https://bugzilla.suse.com/915911"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-3809", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users 
to affect integrity via unknown vectors related to Audit Log.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3809.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-4274", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4274.html", "https://bugzilla.suse.com/857678", "https://bugzilla.suse.com/896400", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6564", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6564.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-3811", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.", 
"related_urls": ["https://www.suse.com/security/cve/CVE-2013-3811.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-3812", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3812.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-0650", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0650.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-0651", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0651.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, 
"reachable_flows": 0} +{"id": "CVE-2014-4233", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4233.html", "https://bugzilla.suse.com/887580"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-4238", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4238.html", "https://bugzilla.suse.com/887580"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-2576", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2576.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4730", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified 
vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4730.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4766", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4766.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4792", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4792.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2014-0430", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.", "related_urls": 
["https://www.suse.com/security/cve/CVE-2014-0430.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-2451", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2451.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-2434", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2434.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-2617", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2617.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-2620", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", 
"package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2620.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4879", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4879.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958790"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4890", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4890.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6496", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 
5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6496.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915912"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-0640", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0640.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-0641", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0641.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6568", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": 
"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6568.html", "https://bugzilla.suse.com/914058", "https://bugzilla.suse.com/915911"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-8275", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-8275.html", "https://bugzilla.suse.com/912018", "https://bugzilla.suse.com/915848", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/937891"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2016-0608", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0608.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", 
"https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", "https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", "https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", "https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2016-0609", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0609.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", "https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", "https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", "https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", 
"https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3651", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.57-0.39.3.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3651.html", "https://bugzilla.suse.com/1049415", "https://bugzilla.suse.com/1049422"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3652", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.57-0.39.3.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3652.html", "https://bugzilla.suse.com/1049416", "https://bugzilla.suse.com/1049422"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-2576", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2576.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-1789", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-1789.html", "https://bugzilla.suse.com/934489", "https://bugzilla.suse.com/934666", "https://bugzilla.suse.com/936586", "https://bugzilla.suse.com/937891", 
"https://bugzilla.suse.com/938432", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-1793", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-1793.html", "https://bugzilla.suse.com/936746", "https://bugzilla.suse.com/937637", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6469", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6469.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915912"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2013-3795", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation 
Language.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3795.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2013-3796", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3796.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-5881", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-5881.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-5882", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-5882.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-2639", "package": 
"suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2639.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-2641", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2641.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-2643", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2643.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2021-2478", "package": "rocky:mysql", "purl": "rocky:mysql", "package_type": "rocky", "package_usage": "N/A", "version": null, "fix_version": "8.0.30", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "MySQL is a multi-user, multi-threaded SQL database server. 
It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.30).\n\nSecurity Fix(es):\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607, CVE-2022-21301, CVE-2022-21413)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2021-2481, CVE-2021-35575, CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21253, CVE-2022-21254, CVE-2022-21264, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342, CVE-2022-21351, CVE-2022-21370, CVE-2022-21378, CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479, CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21569, CVE-2022-21265)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2021-35546, CVE-2022-21344, CVE-2022-21415)\n\n* mysql: Server: Error Handling unspecified vulnerability (CVE-2021-35596)\n\n* mysql: C API unspecified vulnerability (CVE-2021-35597)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2021-35602, CVE-2021-35630, CVE-2022-21515)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2021-35604, CVE-2022-21302, CVE-2022-21348, CVE-2022-21352, CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21517, CVE-2022-21537, CVE-2022-21539, CVE-2022-21423)\n\n* mysql: Server: Group Replication Plugin multiple unspecified vulnerabilities (CVE-2021-35608, CVE-2022-21256, CVE-2022-21379, 
CVE-2022-21454)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2021-35622, CVE-2022-21358, CVE-2022-21372, CVE-2022-21538)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2021-35624, CVE-2022-21245, CVE-2021-35625)\n\n* mysql: Server: GIS unspecified vulnerability (CVE-2021-35631)\n\n* mysql: Server: Data Dictionary unspecified vulnerability (CVE-2021-35632)\n\n* mysql: Server: PS unspecified vulnerability (CVE-2021-35637)\n\n* mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CVE-2021-35639, CVE-2022-21303, CVE-2022-21522, CVE-2022-21534)\n\n* mysql: Server: FTS multiple unspecified vulnerabilities (CVE-2021-35648, CVE-2022-21427)\n\n* mysql: Server: Federated multiple unspecified vulnerabilities (CVE-2022-21270, CVE-2022-21547)\n\n* mysql: Server: Parser unspecified vulnerability (CVE-2022-21304)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2022-21362, CVE-2022-21374)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2022-21367)\n\n* mysql: Server: Components Services unspecified vulnerability (CVE-2022-21368)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2022-21425, CVE-2022-21444, CVE-2021-35640, CVE-2022-21249)\n\n* mysql: Server: PAM Auth Plugin unspecified vulnerability (CVE-2022-21457)\n\n* mysql: Server: Logging multiple unspecified vulnerabilities (CVE-2022-21460, CVE-2021-35633)\n\n* mysql: Server: Security: Roles unspecified vulnerability (CVE-2021-35623)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Rebuild mecab due to change in the suffix (from .el8 to .el8.0.0) [Rocky Linux-8] (BZ#2110940)", "related_urls": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2478", 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2479", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2481", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35575", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35577", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35591", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35596", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35597", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35602", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35604", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35607", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35608", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35610", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35612", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35622", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35623", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35624", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35625", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35626", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35627", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35628", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35634", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35636", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35637", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35638", 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35639", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35640", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35641", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35643", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35644", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35645", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35646", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35647", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35648", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21245", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21249", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21253", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21254", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21256", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21264", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21265", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21270", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21278", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21297", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21301", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21302", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21303", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21342", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21344", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21348", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21351", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21352", 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21358", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21362", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21367", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21368", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21370", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21372", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21374", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21378", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21379", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21412", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21413", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21414", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21415", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21417", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21423", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21425", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21427", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21435", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21436", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21437", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21438", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21440", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21444", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21451", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21452", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21454", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21455", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21457", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21459", 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21460", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21462", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21478", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21479", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21509", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21515", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21517", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21522", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21525", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21526", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21527", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21528", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21529", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21530", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21531", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21547", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21553", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21556", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21569", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21592", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21595", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21605", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21607", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21638", 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21641", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21866", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21872", "https://bugzilla.redhat.com/show_bug.cgi?id=2016089", "https://bugzilla.redhat.com/show_bug.cgi?id=2016090", "https://bugzilla.redhat.com/show_bug.cgi?id=2016091", "https://bugzilla.redhat.com/show_bug.cgi?id=2016093", "https://bugzilla.redhat.com/show_bug.cgi?id=2016094", "https://bugzilla.redhat.com/show_bug.cgi?id=2016095", "https://bugzilla.redhat.com/show_bug.cgi?id=2016097", "https://bugzilla.redhat.com/show_bug.cgi?id=2016098", "https://bugzilla.redhat.com/show_bug.cgi?id=2016099", "https://bugzilla.redhat.com/show_bug.cgi?id=2016100", "https://bugzilla.redhat.com/show_bug.cgi?id=2016101", "https://bugzilla.redhat.com/show_bug.cgi?id=2016104", "https://bugzilla.redhat.com/show_bug.cgi?id=2016105", "https://bugzilla.redhat.com/show_bug.cgi?id=2016106", "https://bugzilla.redhat.com/show_bug.cgi?id=2016107", "https://bugzilla.redhat.com/show_bug.cgi?id=2016108", "https://bugzilla.redhat.com/show_bug.cgi?id=2016109", "https://bugzilla.redhat.com/show_bug.cgi?id=2016110", "https://bugzilla.redhat.com/show_bug.cgi?id=2016111", "https://bugzilla.redhat.com/show_bug.cgi?id=2016112", "https://bugzilla.redhat.com/show_bug.cgi?id=2016113", "https://bugzilla.redhat.com/show_bug.cgi?id=2016114", "https://bugzilla.redhat.com/show_bug.cgi?id=2016117", "https://bugzilla.redhat.com/show_bug.cgi?id=2016118", "https://bugzilla.redhat.com/show_bug.cgi?id=2016119", "https://bugzilla.redhat.com/show_bug.cgi?id=2016120", "https://bugzilla.redhat.com/show_bug.cgi?id=2016121", "https://bugzilla.redhat.com/show_bug.cgi?id=2016122", "https://bugzilla.redhat.com/show_bug.cgi?id=2016124", "https://bugzilla.redhat.com/show_bug.cgi?id=2016126", "https://bugzilla.redhat.com/show_bug.cgi?id=2016127", "https://bugzilla.redhat.com/show_bug.cgi?id=2016128", 
"https://bugzilla.redhat.com/show_bug.cgi?id=2016129", "https://bugzilla.redhat.com/show_bug.cgi?id=2016130", "https://bugzilla.redhat.com/show_bug.cgi?id=2016131", "https://bugzilla.redhat.com/show_bug.cgi?id=2016132", "https://bugzilla.redhat.com/show_bug.cgi?id=2016133", "https://bugzilla.redhat.com/show_bug.cgi?id=2016134", "https://bugzilla.redhat.com/show_bug.cgi?id=2016135", "https://bugzilla.redhat.com/show_bug.cgi?id=2016137", "https://bugzilla.redhat.com/show_bug.cgi?id=2016138", "https://bugzilla.redhat.com/show_bug.cgi?id=2043620", "https://bugzilla.redhat.com/show_bug.cgi?id=2043621", "https://bugzilla.redhat.com/show_bug.cgi?id=2043622", "https://bugzilla.redhat.com/show_bug.cgi?id=2043623", "https://bugzilla.redhat.com/show_bug.cgi?id=2043624", "https://bugzilla.redhat.com/show_bug.cgi?id=2043625", "https://bugzilla.redhat.com/show_bug.cgi?id=2043626", "https://bugzilla.redhat.com/show_bug.cgi?id=2043627", "https://bugzilla.redhat.com/show_bug.cgi?id=2043628", "https://bugzilla.redhat.com/show_bug.cgi?id=2043629", "https://bugzilla.redhat.com/show_bug.cgi?id=2043630", "https://bugzilla.redhat.com/show_bug.cgi?id=2043631", "https://bugzilla.redhat.com/show_bug.cgi?id=2043632", "https://bugzilla.redhat.com/show_bug.cgi?id=2043633", "https://bugzilla.redhat.com/show_bug.cgi?id=2043634", "https://bugzilla.redhat.com/show_bug.cgi?id=2043635", "https://bugzilla.redhat.com/show_bug.cgi?id=2043636", "https://bugzilla.redhat.com/show_bug.cgi?id=2043637", "https://bugzilla.redhat.com/show_bug.cgi?id=2043638", "https://bugzilla.redhat.com/show_bug.cgi?id=2043639", "https://bugzilla.redhat.com/show_bug.cgi?id=2043640", "https://bugzilla.redhat.com/show_bug.cgi?id=2043641", "https://bugzilla.redhat.com/show_bug.cgi?id=2043642", "https://bugzilla.redhat.com/show_bug.cgi?id=2043643", "https://bugzilla.redhat.com/show_bug.cgi?id=2043644", "https://bugzilla.redhat.com/show_bug.cgi?id=2043645", "https://bugzilla.redhat.com/show_bug.cgi?id=2043646", 
"https://bugzilla.redhat.com/show_bug.cgi?id=2043647", "https://bugzilla.redhat.com/show_bug.cgi?id=2043648", "https://bugzilla.redhat.com/show_bug.cgi?id=2082636", "https://bugzilla.redhat.com/show_bug.cgi?id=2082637", "https://bugzilla.redhat.com/show_bug.cgi?id=2082638", "https://bugzilla.redhat.com/show_bug.cgi?id=2082639", "https://bugzilla.redhat.com/show_bug.cgi?id=2082640", "https://bugzilla.redhat.com/show_bug.cgi?id=2082641", "https://bugzilla.redhat.com/show_bug.cgi?id=2082642", "https://bugzilla.redhat.com/show_bug.cgi?id=2082643", "https://bugzilla.redhat.com/show_bug.cgi?id=2082644", "https://bugzilla.redhat.com/show_bug.cgi?id=2082645", "https://bugzilla.redhat.com/show_bug.cgi?id=2082646", "https://bugzilla.redhat.com/show_bug.cgi?id=2082647", "https://bugzilla.redhat.com/show_bug.cgi?id=2082648", "https://bugzilla.redhat.com/show_bug.cgi?id=2082649", "https://bugzilla.redhat.com/show_bug.cgi?id=2082650", "https://bugzilla.redhat.com/show_bug.cgi?id=2082651", "https://bugzilla.redhat.com/show_bug.cgi?id=2082652", "https://bugzilla.redhat.com/show_bug.cgi?id=2082653", "https://bugzilla.redhat.com/show_bug.cgi?id=2082654", "https://bugzilla.redhat.com/show_bug.cgi?id=2082655", "https://bugzilla.redhat.com/show_bug.cgi?id=2082656", "https://bugzilla.redhat.com/show_bug.cgi?id=2082657", "https://bugzilla.redhat.com/show_bug.cgi?id=2082658", "https://bugzilla.redhat.com/show_bug.cgi?id=2082659", "https://bugzilla.redhat.com/show_bug.cgi?id=2110940", "https://bugzilla.redhat.com/show_bug.cgi?id=2115283", "https://bugzilla.redhat.com/show_bug.cgi?id=2115284", "https://bugzilla.redhat.com/show_bug.cgi?id=2115285", "https://bugzilla.redhat.com/show_bug.cgi?id=2115286", "https://bugzilla.redhat.com/show_bug.cgi?id=2115287", "https://bugzilla.redhat.com/show_bug.cgi?id=2115288", "https://bugzilla.redhat.com/show_bug.cgi?id=2115289", "https://bugzilla.redhat.com/show_bug.cgi?id=2115290", "https://bugzilla.redhat.com/show_bug.cgi?id=2115291", 
"https://bugzilla.redhat.com/show_bug.cgi?id=2115292", "https://bugzilla.redhat.com/show_bug.cgi?id=2115293", "https://bugzilla.redhat.com/show_bug.cgi?id=2115294", "https://bugzilla.redhat.com/show_bug.cgi?id=2115295", "https://bugzilla.redhat.com/show_bug.cgi?id=2115296", "https://bugzilla.redhat.com/show_bug.cgi?id=2115297", "https://bugzilla.redhat.com/show_bug.cgi?id=2115298", "https://bugzilla.redhat.com/show_bug.cgi?id=2115299", "https://bugzilla.redhat.com/show_bug.cgi?id=2115301", "https://bugzilla.redhat.com/show_bug.cgi?id=2122604", "https://errata.rockylinux.org/RLSA-2022:7119"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2012-5611", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.0.96-0.6.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.", "related_urls": ["https://www.suse.com/security/cve/CVE-2012-5611.html", "https://bugzilla.suse.com/792362", "https://bugzilla.suse.com/792444", "https://bugzilla.suse.com/798753"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2012-5612", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.0.96-0.6.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain 
variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.", "related_urls": ["https://www.suse.com/security/cve/CVE-2012-5612.html", "https://bugzilla.suse.com/792443", "https://bugzilla.suse.com/798753"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2012-5613", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.0.96-0.6.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. 
NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.", "related_urls": ["https://www.suse.com/security/cve/CVE-2012-5613.html", "https://bugzilla.suse.com/792442"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4800", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4800.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4802", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4802.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-1861", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature 
that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-1861.html", "https://bugzilla.suse.com/809544", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-3783", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3783.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0286", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0286.html", "https://bugzilla.suse.com/919648", "https://bugzilla.suse.com/922496", "https://bugzilla.suse.com/936586", "https://bugzilla.suse.com/937891", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0288", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": 
"N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0288.html", "https://bugzilla.suse.com/919648", "https://bugzilla.suse.com/920236", "https://bugzilla.suse.com/936586", "https://bugzilla.suse.com/937891", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0432", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0432.html", "https://bugzilla.suse.com/914058", "https://bugzilla.suse.com/915911"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6520", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6520.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4858", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", 
"package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4858.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4861", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4861.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-0437", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0437.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-4207", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", 
"cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4207.html", "https://bugzilla.suse.com/887580", "https://bugzilla.suse.com/915914"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6564", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6564.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-0401", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0401.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0433", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect 
availability via vectors related to InnoDB : DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0433.html", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/936409"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-0384", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0384.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2021-35065", "package": "debian:node-glob-parent", "purl": "debian:node-glob-parent", "package_type": "debian", "package_usage": "N/A", "version": null, "fix_version": "6.0.2+~5.1.1-1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "The glob-parent package before 6.0.1 for Node.js allows ReDoS regular ...\nNOTE: https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339 (v6.0.1)\nNOTE: https://github.com/gulpjs/glob-parent/pull/49", "related_urls": [], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-2450", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2450.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, 
"reachable_flows": 0} -{"id": "CVE-2014-6469", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6469.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915912"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-3802", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3802.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-3804", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3804.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-0666", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", 
"package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0666.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-2047", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"/CN=\" string in a field in a certificate, as demonstrated by \"/OU=/CN=bar.com/CN=foo.com.\"", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-2047.html", "https://bugzilla.suse.com/963806", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2015-4895", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to 
Server : InnoDB.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4895.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958790"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2015-4904", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4904.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2015-4905", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4905.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-4316", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-4316.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-5483", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": 
"5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "** REJECT **\tDO NOT USE THIS CANDIDATE NUMBER.\tConsultIDs: CVE-2017-3600.\tReason: This candidate is a reservation duplicate of CVE-2017-3600.\tNotes: All CVE users should reference CVE-2017-3600 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-5483.html", "https://bugzilla.suse.com/1001367", "https://bugzilla.suse.com/1005555", "https://bugzilla.suse.com/1005557", "https://bugzilla.suse.com/1005561", "https://bugzilla.suse.com/1005562", "https://bugzilla.suse.com/1005563", "https://bugzilla.suse.com/1005564", "https://bugzilla.suse.com/1005566", "https://bugzilla.suse.com/1005569", "https://bugzilla.suse.com/1005570", "https://bugzilla.suse.com/1005582", "https://bugzilla.suse.com/1020875", "https://bugzilla.suse.com/1020876", "https://bugzilla.suse.com/1020877", "https://bugzilla.suse.com/1020878", "https://bugzilla.suse.com/1020882", "https://bugzilla.suse.com/1020883", "https://bugzilla.suse.com/1020884", "https://bugzilla.suse.com/1020885", "https://bugzilla.suse.com/1020888", "https://bugzilla.suse.com/1020890", "https://bugzilla.suse.com/1020891", "https://bugzilla.suse.com/1020893", "https://bugzilla.suse.com/1020894", "https://bugzilla.suse.com/1020896", "https://bugzilla.suse.com/1020898", "https://bugzilla.suse.com/1020901", "https://bugzilla.suse.com/1022428", "https://bugzilla.suse.com/1029014", "https://bugzilla.suse.com/1029396", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1049393", "https://bugzilla.suse.com/1049394", "https://bugzilla.suse.com/1049396", "https://bugzilla.suse.com/1049399", "https://bugzilla.suse.com/1049400", "https://bugzilla.suse.com/1049401", "https://bugzilla.suse.com/1049402", "https://bugzilla.suse.com/1049403", "https://bugzilla.suse.com/1049404", "https://bugzilla.suse.com/1049405", 
"https://bugzilla.suse.com/1049406", "https://bugzilla.suse.com/1049407", "https://bugzilla.suse.com/1049408", "https://bugzilla.suse.com/1049409", "https://bugzilla.suse.com/1049410", "https://bugzilla.suse.com/1049411", "https://bugzilla.suse.com/1049412", "https://bugzilla.suse.com/1049414", "https://bugzilla.suse.com/1049415", "https://bugzilla.suse.com/1049416", "https://bugzilla.suse.com/1049417", "https://bugzilla.suse.com/1064101", "https://bugzilla.suse.com/1064107", "https://bugzilla.suse.com/1064115", "https://bugzilla.suse.com/1064116", "https://bugzilla.suse.com/1064117"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3302", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3302.html", "https://bugzilla.suse.com/1022428", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1034911"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-18589", "package": "crates:cookie", "purl": "crates:cookie", "package_type": "crates", "package_usage": "N/A", "version": null, "fix_version": "0.7.6", "severity": "HIGH", "cvss_score": "7.5", "short_description": "# Improper Input Validation in cookie\nAffected versions of this crate use the time crate and the method Duration::seconds to parse the Max-Age duration cookie setting. 
This method will panic if the value is greater than 2^64/1000 and less than or equal to 2^64, which can result in denial of service for a client or server.\n\nThis flaw was corrected by explicitly checking for the Max-Age being in this integer range and clamping the value to the maximum duration value.\n\n## Related CVE(s)\nCVE-2017-18589, RUSTSEC-2017-0005", "related_urls": ["https://nvd.nist.gov/vuln/detail/CVE-2017-18589", "https://github.com/SergioBenitez/cookie-rs/pull/86", "https://github.com/SergioBenitez/cookie-rs/commit/ee18b79fbf0903b73da525d302b09448009e0050", "https://github.com/alexcrichton/cookie-rs", "https://rustsec.org/advisories/RUSTSEC-2017-0005.html"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-5891", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-5891.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-5881", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-5881.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-5882", "package": "suse:mysql", 
"purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-5882.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2013-3793", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3793.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-2484", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2484.html", "https://bugzilla.suse.com/887580"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-2494", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified 
vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2494.html", "https://bugzilla.suse.com/887580", "https://bugzilla.suse.com/915914"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0438", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0438.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0439", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0439.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-0427", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.", "related_urls": 
["https://www.suse.com/security/cve/CVE-2014-0427.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0507", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0507.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3464", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3464.html", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1048715"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3600", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3600.html", "https://bugzilla.suse.com/1029014", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1048715"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3313", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3313.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020890", "https://bugzilla.suse.com/1034911"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3317", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 4.0 (Availability impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3317.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020894"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6568", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6568.html", "https://bugzilla.suse.com/914058", "https://bugzilla.suse.com/915911"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-8275", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-8275.html", "https://bugzilla.suse.com/912018", "https://bugzilla.suse.com/915848", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/937891"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-2573", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": 
"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2573.html", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/936409"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-9843", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.62-0.39.18.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-9843.html", "https://bugzilla.suse.com/1003580", "https://bugzilla.suse.com/1013882", "https://bugzilla.suse.com/1038505", "https://bugzilla.suse.com/1062104", "https://bugzilla.suse.com/1116686", "https://bugzilla.suse.com/1120866", "https://bugzilla.suse.com/1123150", "https://bugzilla.suse.com/1127473", "https://bugzilla.suse.com/1184301"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2018-3133", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.62-0.39.18.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2018-3133.html", "https://bugzilla.suse.com/1112369"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-0505", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0505.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", "https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", "https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", "https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", "https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-0546", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified 
vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client.\tNOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0546.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", "https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", "https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", "https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", "https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2012-5615", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows 
remote attackers to enumerate valid usernames.", "related_urls": ["https://www.suse.com/security/cve/CVE-2012-5615.html", "https://bugzilla.suse.com/792440", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6520", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6520.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-2648", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2648.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-2661", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2661.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3462", 
"package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3462.html", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1048715"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3463", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3463.html", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1048715"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2020-14672", "package": "rocky:mysql", "purl": "rocky:mysql", "package_type": "rocky", "package_usage": "N/A", "version": null, "fix_version": "8.0.26", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\nThe following packages have been upgraded to a later upstream version: mysql (8.0.26). (BZ#1996693)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "related_urls": ["https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14672.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14765.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14769.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14773.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14775.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14776.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14777.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14785.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14786.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14789.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14790.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14791.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14793.json", 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14794.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14800.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14804.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14809.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14812.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14814.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14821.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14828.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14829.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14830.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14836.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14837.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14838.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14839.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14844.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14845.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14846.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14848.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14852.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14860.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14861.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14866.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14867.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14868.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14870.json", 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14873.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14888.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14891.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14893.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2001.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2002.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2010.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2011.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2021.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2022.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2024.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2028.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2030.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2031.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2032.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2036.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2038.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2042.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2046.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2048.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2055.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2056.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2058.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2060.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2061.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2065.json", 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2070.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2072.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2076.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2081.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2087.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2088.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2122.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2146.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2164.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2166.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2169.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2170.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2171.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2172.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2174.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2178.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2179.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2180.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2193.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2194.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2196.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2201.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2202.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2203.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2208.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2212.json", 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2213.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2215.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2217.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2226.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2230.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2232.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2278.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2293.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2298.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2299.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2300.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2301.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2304.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2305.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2307.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2308.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2339.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2340.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2342.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2352.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2354.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2356.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2357.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2367.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2370.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2372.json", 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2374.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2383.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2384.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2385.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2387.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2389.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2390.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2399.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2402.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2410.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2412.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2417.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2418.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2422.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2424.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2425.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2426.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2427.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2429.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2437.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2440.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2441.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2444.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35537.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35629.json"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-4214", "package": "suse:mysql", 
"purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4214.html", "https://bugzilla.suse.com/887580"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0286", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0286.html", "https://bugzilla.suse.com/919648", "https://bugzilla.suse.com/922496", "https://bugzilla.suse.com/936586", "https://bugzilla.suse.com/937891", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0288", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.", "related_urls": 
["https://www.suse.com/security/cve/CVE-2015-0288.html", "https://bugzilla.suse.com/919648", "https://bugzilla.suse.com/920236", "https://bugzilla.suse.com/936586", "https://bugzilla.suse.com/937891", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-0644", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0644.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-0646", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0646.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-10379", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.58-0.39.6.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). 
Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-10379.html", "https://bugzilla.suse.com/1064116", "https://bugzilla.suse.com/1064119", "https://bugzilla.suse.com/1076506"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-10384", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.58-0.39.6.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-10384.html", "https://bugzilla.suse.com/1064117", "https://bugzilla.suse.com/1064119", "https://bugzilla.suse.com/1076506"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-3569", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.\tNOTE: this issue became relevant after the CVE-2014-3568 fix.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-3569.html", "https://bugzilla.suse.com/911399", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/986238"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3653", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.57-0.39.3.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3653.html", "https://bugzilla.suse.com/1049417", "https://bugzilla.suse.com/1049422", "https://bugzilla.suse.com/1054591", "https://bugzilla.suse.com/1076506"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4879", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4879.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958790"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4890", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4890.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3651", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.57-0.39.3.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3651.html", "https://bugzilla.suse.com/1049415", "https://bugzilla.suse.com/1049422"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3652", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.57-0.39.3.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3652.html", "https://bugzilla.suse.com/1049416", "https://bugzilla.suse.com/1049422"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-3807", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3807.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-3808", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3808.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6489", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6489.html", "https://bugzilla.suse.com/901237", 
"https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3305", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, \"The Riddle\".", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3305.html", "https://bugzilla.suse.com/1029396", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1037590", "https://bugzilla.suse.com/924663"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3308", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. 
Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3308.html", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1048715"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3238", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3238.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020882"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3243", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). 
Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3243.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020891"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3318", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. 
CVSS v3.0 Base Score 4.0 (Confidentiality impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3318.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020896"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-2567", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2567.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-2442", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2442.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-2444", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2444.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], 
"occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4862", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4862.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4864", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4864.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4910", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4910.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4913", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": 
"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4913.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-0600", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0600.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", "https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", "https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", "https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", "https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-0606", "package": "suse:mysql", "purl": "suse:mysql", "package_type": 
"suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0606.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", "https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", "https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", "https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", "https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2017-3453", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3453.html", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1048715"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2017-3456", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3456.html", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1048715"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2017-3461", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. 
Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3461.html", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1048715"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-2567", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2567.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3291", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. 
CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3291.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020884", "https://bugzilla.suse.com/998309"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3312", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. 
CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3312.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020873", "https://bugzilla.suse.com/998309"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0505", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0505.html", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/936408"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0506", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0506.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3309", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. 
Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3309.html", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1048715"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3329", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3329.html", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1048715"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-5894", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-5894.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2015-0511", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0511.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2015-2305", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.", "related_urls": 
["https://www.suse.com/security/cve/CVE-2015-2305.html", "https://bugzilla.suse.com/1040662", "https://bugzilla.suse.com/921950", "https://bugzilla.suse.com/922022", "https://bugzilla.suse.com/922028", "https://bugzilla.suse.com/922030", "https://bugzilla.suse.com/922043", "https://bugzilla.suse.com/922560", "https://bugzilla.suse.com/922567", "https://bugzilla.suse.com/929192", "https://bugzilla.suse.com/980366"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6530", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6530.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-3571", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-3571.html", "https://bugzilla.suse.com/912294", "https://bugzilla.suse.com/915848", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-3572", 
"package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-3572.html", "https://bugzilla.suse.com/912015", "https://bugzilla.suse.com/915848", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/937891"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6494", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6494.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915912"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6495", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6495.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 
0} +{"id": "CVE-2014-2484", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2484.html", "https://bugzilla.suse.com/887580"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-2494", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2494.html", "https://bugzilla.suse.com/887580", "https://bugzilla.suse.com/915914"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-3806", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3806.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0441", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", 
"severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0441.html", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/936409"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-3794", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3794.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4769", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4769.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4771", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows 
remote authenticated users to affect availability via vectors related to RBR.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4771.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-0437", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0437.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2015-0206", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0206.html", "https://bugzilla.suse.com/912292", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/937891"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2015-0374", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown 
vectors related to Server : Security : Privileges : Foreign Key.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0374.html", "https://bugzilla.suse.com/914058", "https://bugzilla.suse.com/915911"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-18589", "package": "crates:cookie", "purl": "crates:cookie", "package_type": "crates", "package_usage": "N/A", "version": null, "fix_version": "0.7.6", "severity": "HIGH", "cvss_score": "7.5", "short_description": "# Improper Input Validation in cookie\nAffected versions of this crate use the time crate and the method Duration::seconds to parse the Max-Age duration cookie setting. This method will panic if the value is greater than 2^64/1000 and less than or equal to 2^64, which can result in denial of service for a client or server.\n\nThis flaw was corrected by explicitly checking for the Max-Age being in this integer range and clamping the value to the maximum duration value.\n\n## Related CVE(s)\nCVE-2017-18589, RUSTSEC-2017-0005", "related_urls": ["https://nvd.nist.gov/vuln/detail/CVE-2017-18589", "https://github.com/SergioBenitez/cookie-rs/pull/86", "https://github.com/SergioBenitez/cookie-rs/commit/ee18b79fbf0903b73da525d302b09448009e0050", "https://github.com/alexcrichton/cookie-rs", "https://rustsec.org/advisories/RUSTSEC-2017-0005.html"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-5891", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-5891.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} -{"id": 
"CVE-2015-4752", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4752.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4756", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0439.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4756.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0405", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0405.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-4287", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle 
MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4287.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0501", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0501.html", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/936408"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3464", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3464.html", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1048715"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3600", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3600.html", "https://bugzilla.suse.com/1029014", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1048715"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-2568", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2568.html", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/936409"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-2571", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2571.html", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/936408"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4800", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", "related_urls": 
["https://www.suse.com/security/cve/CVE-2015-4800.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4802", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4802.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2018-0735", "package": "oracle:mysql", "purl": "oracle:mysql", "package_type": "oracle", "package_usage": "N/A", "version": null, "fix_version": null, "severity": "MEDIUM", "cvss_score": "5.9", "short_description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", "related_urls": ["https://www.openssl.org/news/secadv/20181029.txt", "http://www.securitytracker.com/id/1041986", "http://www.securityfocus.com/bid/105750", "https://security.netapp.com/advisory/ntap-20181105-0002/", "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", "https://www.debian.org/security/2018/dsa-4348", "https://usn.ubuntu.com/3840-1/", "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "https://access.redhat.com/errata/RHSA-2019:3700", "https://www.oracle.com/security-alerts/cpujan2020.html", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3462", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3462.html", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1048715"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3463", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3463.html", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1048715"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-2442", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2442.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-2444", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2444.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-2438", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2438.html", "https://bugzilla.suse.com/873896", 
"https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-4214", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4214.html", "https://bugzilla.suse.com/887580"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4910", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4910.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4913", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4913.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0503", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", 
"version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0503.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0498", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0498.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2015-0205", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0205.html", "https://bugzilla.suse.com/912293", "https://bugzilla.suse.com/915848", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/937891"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-3810", "package": "suse:mysql", "purl": "suse:mysql", "package_type": 
"suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3810.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6500", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6500.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915912"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0405", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0405.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6474", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle 
MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6474.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-2582", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2582.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-2611", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2611.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4862", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4862.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} -{"id": 
"CVE-2015-4864", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4864.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4866", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4866.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4870", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4870.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3244", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", 
"short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3244.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020877"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3258", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 6.5 (Availability impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3258.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020875"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3265", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3265.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020885"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-0412", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0412.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-0420", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0420.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-3152", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a \"BACKRONYM\" 
attack.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-3152.html", "https://bugzilla.suse.com/1037590", "https://bugzilla.suse.com/1047059", "https://bugzilla.suse.com/1088681", "https://bugzilla.suse.com/924663", "https://bugzilla.suse.com/928962", "https://bugzilla.suse.com/936407"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-4737", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4737.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-0224", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0224.html", "https://bugzilla.suse.com/1146657", "https://bugzilla.suse.com/880891", "https://bugzilla.suse.com/881743", "https://bugzilla.suse.com/883126", "https://bugzilla.suse.com/885777", "https://bugzilla.suse.com/892403", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/903703", "https://bugzilla.suse.com/905018", 
"https://bugzilla.suse.com/905106", "https://bugzilla.suse.com/914447", "https://bugzilla.suse.com/915913", "https://bugzilla.suse.com/916239"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-5584", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.53-0.30.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-5584.html", "https://bugzilla.suse.com/1005558", "https://bugzilla.suse.com/1008318"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-6662", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.53-0.30.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. 
Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-6662.html", "https://bugzilla.suse.com/1001367", "https://bugzilla.suse.com/1005580", "https://bugzilla.suse.com/1020873", "https://bugzilla.suse.com/1020884", "https://bugzilla.suse.com/1021755", "https://bugzilla.suse.com/998309"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-7440", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.53-0.30.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-7440.html", "https://bugzilla.suse.com/1005581", "https://bugzilla.suse.com/1008318"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2018-3061", "package": "oracle:mysql", "purl": "oracle:mysql", "package_type": "oracle", "package_usage": "N/A", "version": null, "fix_version": null, "severity": "MEDIUM", "cvss_score": "4.9", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "http://www.securityfocus.com/bid/104785", "https://security.netapp.com/advisory/ntap-20180726-0002/", "http://www.securitytracker.com/id/1041294", "https://usn.ubuntu.com/3725-1/", "https://access.redhat.com/errata/RHSA-2018:3655"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-5860", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-5860.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3318", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. 
CVSS v3.0 Base Score 4.0 (Confidentiality impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3318.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020896"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-4243", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4243.html", "https://bugzilla.suse.com/887580"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-3811", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3811.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-3812", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3812.html", 
"https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0381", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0381.html", "https://bugzilla.suse.com/914058", "https://bugzilla.suse.com/915911"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-2440", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2440.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-2450", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2450.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} {"id": 
"CVE-2014-0386", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0386.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2014-0393", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0393.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-3569", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.\tNOTE: this issue became relevant after the CVE-2014-3568 fix.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-3569.html", 
"https://bugzilla.suse.com/911399", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/986238"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2011-2262", "package": "amazon:mysql", "purl": "amazon:mysql", "package_type": "amazon", "package_usage": "N/A", "version": null, "fix_version": "5.1.61", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Package updates are available for Amazon Linux that fix the following vulnerabilities:\nCVE-2012-0492:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783817: \nCVE-2012-0492 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0490:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783815: \nCVE-2012-0490 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0485:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783809: \nCVE-2012-0485 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0484:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783808: \nCVE-2012-0484 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality\n\nCVE-2012-0120:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783807: \nCVE-2012-0120 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0119:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783806: \nCVE-2012-0119 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0118:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783805: \nCVE-2012-0118 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability\n\nCVE-2012-0116:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783803: \nCVE-2012-0116 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and integrity\n\nCVE-2012-0115:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783802: \nCVE-2012-0115 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0114:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783801: \nCVE-2012-0114 mysql: Unspecified vulnerability allows local users to affect confidentiality and integrity\n\nCVE-2012-0113:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783800: \nCVE-2012-0113 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability\n\nCVE-2012-0112:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783799: \nCVE-2012-0112 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0101:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783797: \nCVE-2012-0101 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0087:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783795: \nCVE-2012-0087 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0075:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n\nCVE-2011-2262:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.", "related_urls": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2262", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0075", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0087", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0101", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0112", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0113", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0114", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0115", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0116", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0118", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0119", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0120", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0484", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0485", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0490", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0492", "https://rhn.redhat.com/errata/RHSA-2012:0105.html"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-3798", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity 
and availability via unknown vectors related to MemCached.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3798.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0382", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0382.html", "https://bugzilla.suse.com/914058", "https://bugzilla.suse.com/915911"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-3571", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-3571.html", "https://bugzilla.suse.com/912294", "https://bugzilla.suse.com/915848", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-3572", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "The ssl3_get_key_exchange 
function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-3572.html", "https://bugzilla.suse.com/912015", "https://bugzilla.suse.com/915848", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/937891"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-0384", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0384.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-2639", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2639.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-2641", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and 
earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2641.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-2643", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2643.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3635", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.57-0.39.3.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). 
Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html,\thttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and\thttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3635.html", "https://bugzilla.suse.com/1049397", "https://bugzilla.suse.com/1049398", "https://bugzilla.suse.com/1049422"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3636", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.57-0.39.3.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3636.html", "https://bugzilla.suse.com/1049399", "https://bugzilla.suse.com/1049422", "https://bugzilla.suse.com/1054591", "https://bugzilla.suse.com/1076506"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-1789", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-1789.html", "https://bugzilla.suse.com/934489", "https://bugzilla.suse.com/934666", "https://bugzilla.suse.com/936586", "https://bugzilla.suse.com/937891", "https://bugzilla.suse.com/938432", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-1793", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-1793.html", 
"https://bugzilla.suse.com/936746", "https://bugzilla.suse.com/937637", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6474", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6474.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0385", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0385.html", "https://bugzilla.suse.com/914058"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0391", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0391.html", "https://bugzilla.suse.com/914058", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-3570", "package": "suse:mysql", "purl": "suse:mysql", "package_type": 
"suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-3570.html", "https://bugzilla.suse.com/912296", "https://bugzilla.suse.com/915848", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/937891", "https://bugzilla.suse.com/944456"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0507", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0507.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-5584", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.53-0.30.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-5584.html", "https://bugzilla.suse.com/1005558", "https://bugzilla.suse.com/1008318"], "occurrence_count": 0, 
"reachable_flows": 0} +{"id": "CVE-2016-6662", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.53-0.30.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-6662.html", "https://bugzilla.suse.com/1001367", "https://bugzilla.suse.com/1005580", "https://bugzilla.suse.com/1020873", "https://bugzilla.suse.com/1020884", "https://bugzilla.suse.com/1021755", "https://bugzilla.suse.com/998309"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6500", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6500.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915912"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3313", 
"package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3313.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020890", "https://bugzilla.suse.com/1034911"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2017-3317", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.54-0.35.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 4.0 (Availability impacts).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3317.html", "https://bugzilla.suse.com/1020868", "https://bugzilla.suse.com/1020894"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2013-3805", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3805.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2023-49803", "package": "@koa:cors", "purl": "@koa:cors", "package_type": "@koa", "package_usage": "N/A", "version": "<5.0.0", "fix_version": "5.0.0", "severity": "HIGH", "cvss_score": "7.5", "short_description": "# Overly permissive origin policy\nCurrently, the middleware operates in a way that if an allowed origin is not provided, it will return an `Access-Control-Allow-Origin` header with the value of the origin from the request. 
This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy (SOP), this could cause a very serious security threat to the users of this middleware.\n\nIf such behavior is expected, for instance, when middleware is used exclusively for prototypes and not for production applications, it should be heavily emphasized in the documentation along with an indication of the risks associated with such behavior, as many users may not be aware of it.", "related_urls": ["https://github.com/koajs/cors/security/advisories/GHSA-qxrj-hx23-xp82", "https://github.com/koajs/cors/commit/f31dac99f5355c41e7d4dd3c4a80c5f154941a11", "https://nvd.nist.gov/vuln/detail/CVE-2023-49803", "https://github.com/advisories/GHSA-qxrj-hx23-xp82"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-2419", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2419.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0441", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0441.html", "https://bugzilla.suse.com/927623", 
"https://bugzilla.suse.com/936409"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-4233", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4233.html", "https://bugzilla.suse.com/887580"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-4238", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4238.html", "https://bugzilla.suse.com/887580"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3305", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, \"The Riddle\".", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3305.html", "https://bugzilla.suse.com/1029396", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1037590", "https://bugzilla.suse.com/924663"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3308", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.55-0.38.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3308.html", "https://bugzilla.suse.com/1034850", "https://bugzilla.suse.com/1048715"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2018-3071", "package": "oracle:mysql", "purl": "oracle:mysql", "package_type": "oracle", "package_usage": "N/A", "version": null, "fix_version": null, "severity": "MEDIUM", "cvss_score": "4.9", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "http://www.securityfocus.com/bid/104784", "https://security.netapp.com/advisory/ntap-20180726-0002/", "http://www.securitytracker.com/id/1041294", "https://usn.ubuntu.com/3725-1/", "https://access.redhat.com/errata/RHSA-2018:3655"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6505", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6505.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], 
"occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6507", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6507.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915912"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0498", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0498.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2020-14672", "package": "rocky:mysql", "purl": "rocky:mysql", "package_type": "rocky", "package_usage": "N/A", "version": null, "fix_version": "8.0.26", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\nThe following packages have been upgraded to a later upstream version: mysql (8.0.26). 
(BZ#1996693)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "related_urls": ["https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14672.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14765.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14769.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14773.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14775.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14776.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14777.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14785.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14786.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14789.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14790.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14791.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14793.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14794.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14800.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14804.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14809.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14812.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14814.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14821.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14828.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14829.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14830.json", 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14836.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14837.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14838.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14839.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14844.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14845.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14846.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14848.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14852.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14860.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14861.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14866.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14867.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14868.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14870.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14873.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14888.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14891.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14893.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2001.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2002.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2010.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2011.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2021.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2022.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2024.json", 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2028.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2030.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2031.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2032.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2036.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2038.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2042.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2046.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2048.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2055.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2056.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2058.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2060.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2061.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2065.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2070.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2072.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2076.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2081.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2087.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2088.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2122.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2146.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2164.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2166.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2169.json", 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2170.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2171.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2172.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2174.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2178.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2179.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2180.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2193.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2194.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2196.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2201.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2202.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2203.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2208.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2212.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2213.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2215.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2217.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2226.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2230.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2232.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2278.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2293.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2298.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2299.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2300.json", 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2301.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2304.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2305.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2307.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2308.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2339.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2340.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2342.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2352.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2354.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2356.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2357.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2367.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2370.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2372.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2374.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2383.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2384.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2385.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2387.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2389.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2390.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2399.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2402.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2410.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2412.json", 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2417.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2418.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2422.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2424.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2425.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2426.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2427.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2429.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2437.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2440.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2441.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-2444.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35537.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35629.json"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-3615", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.52-0.27.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-3615.html", "https://bugzilla.suse.com/989922", "https://bugzilla.suse.com/991616"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-5440", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.52-0.27.1", "severity": 
"MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-5440.html", "https://bugzilla.suse.com/989926", "https://bugzilla.suse.com/991616"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-9843", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.62-0.39.18.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-9843.html", "https://bugzilla.suse.com/1003580", "https://bugzilla.suse.com/1013882", "https://bugzilla.suse.com/1038505", "https://bugzilla.suse.com/1062104", "https://bugzilla.suse.com/1116686", "https://bugzilla.suse.com/1120866", "https://bugzilla.suse.com/1123150", "https://bugzilla.suse.com/1127473", "https://bugzilla.suse.com/1184301"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2018-3133", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.62-0.39.18.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2018-3133.html", "https://bugzilla.suse.com/1112369"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-0402", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0402.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0382", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0382.html", "https://bugzilla.suse.com/914058", "https://bugzilla.suse.com/915911"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-0412", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle 
MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0412.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-0420", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0420.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-4258", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4258.html", "https://bugzilla.suse.com/887580", "https://bugzilla.suse.com/915914"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-4260", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and 
availability via vectors related to SRCHAR.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4260.html", "https://bugzilla.suse.com/887580", "https://bugzilla.suse.com/915914"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4772", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4772.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-5860", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-5860.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-2430", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2430.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} +{"id": 
"CVE-2014-2431", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2431.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-7440", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.53-0.30.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-7440.html", "https://bugzilla.suse.com/1005581", "https://bugzilla.suse.com/1008318"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0411", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0411.html", "https://bugzilla.suse.com/914058", "https://bugzilla.suse.com/915911"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0423", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": 
"N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0423.html", "https://bugzilla.suse.com/927623"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2015-4819", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4819.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958790", "https://bugzilla.suse.com/969667"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2015-4826", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4826.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-3806", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified 
vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3806.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2023-21977", "package": "oracle:mysql", "purl": "oracle:mysql", "package_type": "oracle", "package_usage": "N/A", "version": null, "fix_version": null, "severity": "MEDIUM", "cvss_score": "4.9", "short_description": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.oracle.com/security-alerts/cpuapr2023.html", "https://security.netapp.com/advisory/ntap-20230427-0007/"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-2648", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2648.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-2661", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2661.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-2419", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "CRITICAL", "cvss_score": "9.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-2419.html", "https://bugzilla.suse.com/873896", "https://bugzilla.suse.com/999706"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-0432", 
"package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0432.html", "https://bugzilla.suse.com/914058", "https://bugzilla.suse.com/915911"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6463", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6463.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-6464", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6464.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915912"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-3810", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, 
"fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3810.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4815", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4815.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4816", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4816.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958790"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2014-4243", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and 
earlier allows remote authenticated users to affect availability via vectors related to ENFED.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4243.html", "https://bugzilla.suse.com/887580"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4757", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4757.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4761", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4761.html", "https://bugzilla.suse.com/938412"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4767", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.45-0.11.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4767.html", "https://bugzilla.suse.com/938412"], 
"occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-3802", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3802.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-3804", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3804.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2016-0616", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.47-0.17.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0616.html", "https://bugzilla.suse.com/962779", "https://bugzilla.suse.com/962817", "https://bugzilla.suse.com/962930", "https://bugzilla.suse.com/962931", 
"https://bugzilla.suse.com/962932", "https://bugzilla.suse.com/962934", "https://bugzilla.suse.com/962935", "https://bugzilla.suse.com/962936", "https://bugzilla.suse.com/962937", "https://bugzilla.suse.com/962938", "https://bugzilla.suse.com/962939", "https://bugzilla.suse.com/962941", "https://bugzilla.suse.com/962942", "https://bugzilla.suse.com/962943", "https://bugzilla.suse.com/962944", "https://bugzilla.suse.com/962945", "https://bugzilla.suse.com/962946", "https://bugzilla.suse.com/962947", "https://bugzilla.suse.com/962948", "https://bugzilla.suse.com/962949", "https://bugzilla.suse.com/962950", "https://bugzilla.suse.com/962951", "https://bugzilla.suse.com/962952", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2013-3798", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3798.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4866", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4866.html", "https://bugzilla.suse.com/951391"], "occurrence_count": 0, "reachable_flows": 0} +{"id": "CVE-2015-4870", "package": "suse:mysql", "purl": "suse:mysql", 
"package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.46-0.14.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-4870.html", "https://bugzilla.suse.com/951391", "https://bugzilla.suse.com/958789"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2016-0647", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0647.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2016-0648", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0648.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} {"id": "CVE-2016-0649", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", 
"package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0649.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-3653", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.57-0.39.3.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-3653.html", "https://bugzilla.suse.com/1049417", "https://bugzilla.suse.com/1049422", "https://bugzilla.suse.com/1054591", "https://bugzilla.suse.com/1076506"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-3615", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.52-0.27.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-3615.html", "https://bugzilla.suse.com/989922", "https://bugzilla.suse.com/991616"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-5440", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.52-0.27.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-5440.html", "https://bugzilla.suse.com/989926", "https://bugzilla.suse.com/991616"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-0431", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in the MySQL 
Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0431.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-0433", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-0433.html", "https://bugzilla.suse.com/858823"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-0650", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0650.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-0651", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.", "related_urls": 
["https://www.suse.com/security/cve/CVE-2016-0651.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-0642", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0642.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2016-0643", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.49-0.20.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2016-0643.html", "https://bugzilla.suse.com/976341", "https://bugzilla.suse.com/980904"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-4258", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.", "related_urls": 
["https://www.suse.com/security/cve/CVE-2014-4258.html", "https://bugzilla.suse.com/887580", "https://bugzilla.suse.com/915914"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-4260", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-4260.html", "https://bugzilla.suse.com/887580", "https://bugzilla.suse.com/915914"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6551", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6551.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6555", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6555.html", "https://bugzilla.suse.com/901237", 
"https://bugzilla.suse.com/915912"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2013-3794", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.", "related_urls": ["https://www.suse.com/security/cve/CVE-2013-3794.html", "https://bugzilla.suse.com/830086"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-10268", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.58-0.39.6.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-10268.html", "https://bugzilla.suse.com/1064101", "https://bugzilla.suse.com/1064119", "https://bugzilla.suse.com/1076505", "https://bugzilla.suse.com/1076506"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2017-10378", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.58-0.39.6.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "related_urls": ["https://www.suse.com/security/cve/CVE-2017-10378.html", "https://bugzilla.suse.com/1064115", "https://bugzilla.suse.com/1064119", "https://bugzilla.suse.com/1076505", "https://bugzilla.suse.com/1076506"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-6491", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-6491.html", "https://bugzilla.suse.com/901237", "https://bugzilla.suse.com/915912"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0385", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-0385.html", "https://bugzilla.suse.com/914058"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-0391", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "HIGH", "cvss_score": "7.5", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", 
"related_urls": ["https://www.suse.com/security/cve/CVE-2015-0391.html", "https://bugzilla.suse.com/914058", "https://bugzilla.suse.com/915913"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2014-3570", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.", "related_urls": ["https://www.suse.com/security/cve/CVE-2014-3570.html", "https://bugzilla.suse.com/912296", "https://bugzilla.suse.com/915848", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/937891", "https://bugzilla.suse.com/944456"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-2568", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2568.html", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/936409"], "occurrence_count": 0, "reachable_flows": 0} -{"id": "CVE-2015-2571", "package": "suse:mysql", "purl": "suse:mysql", "package_type": "suse", "package_usage": "N/A", "version": null, "fix_version": "5.5.39-0.7.1", "severity": "LOW", "cvss_score": "2.0", "short_description": "Unspecified vulnerability in Oracle MySQL Server 
5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", "related_urls": ["https://www.suse.com/security/cve/CVE-2015-2571.html", "https://bugzilla.suse.com/927623", "https://bugzilla.suse.com/936408"], "occurrence_count": 0, "reachable_flows": 0} diff --git a/server/reports/depscan.html b/server/reports/depscan.html index aae84c476..514f70c6a 100644 --- a/server/reports/depscan.html +++ b/server/reports/depscan.html @@ -6,8 +6,8 @@ .r1 {font-style: italic} .r2 {color: #800080; text-decoration-color: #800080; font-weight: bold} .r3 {color: #7c8082; text-decoration-color: #7c8082; font-style: italic} -.r5 {color: #ff753d; text-decoration-color: #ff753d; font-weight: bold} -.r6 {color: #ff0000; text-decoration-color: #ff0000} +.r4 {color: #ff0000; text-decoration-color: #ff0000} +.r6 {color: #ff753d; text-decoration-color: #ff753d; font-weight: bold} .r7 {color: #00875f; text-decoration-color: #00875f} .r8 {color: #5a7c90; text-decoration-color: #5a7c90} .r9 {color: #00ff00; text-decoration-color: #00ff00} 
@@ -23,770 +23,770 @@ ╔═══════════════════════════════════════════════════════════╤═══════════════════════════════════╤══════════════════════════╤═══════════════╤═════════╗ ║ Dependency Tree Insights Fix Version Severity Score ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.57-0.39.3.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3635 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ CRITICAL9.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-2432 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.57-0.39.3.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3636 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-2617 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-2430 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-2620 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-2435 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ CRITICAL9.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-2436 │ │ │ │ ║ 
+╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-4207 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-2431 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6559 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4830 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4833 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4836 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ CRITICAL9.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0204 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 8.0.30 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2021-2478 │ 🧾 Vendor Confirmed │ │ │ ║ 
╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.58-0.39.6.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-10379 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-10268 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.58-0.39.6.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-10384 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-10378 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0508 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-2566 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ chokidar@3.5.3 📓 Indirect dependency │ 6.0.2+~5.1.1-1 │ MEDIUM │ 5.0 ║ +║ └── glob-parent@5.1.2 ⬅ CVE-2021-35065 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4858 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4861 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ 
CVE-2014-6478 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-4240 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-0431 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6484 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-0433 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4772 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6496 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4769 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6478 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4771 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6484 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 
5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-2435 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-2434 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ CRITICAL9.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-2436 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.54-0.35.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3244 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4000 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.54-0.35.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3258 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6494 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.54-0.35.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3265 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6495 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6491 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.57-0.39.3.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3641 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3641 │ │ │ │ ║ 
╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.57-0.39.3.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3648 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3648 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-4240 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-2440 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0409 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-0427 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0501 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4000 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0499 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0505 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0500 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0506 │ │ 
│ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.52-0.27.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-3477 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.0.0 │ HIGH │ 7.5 ║ +║ └── cors@2.8.5 ⬅ CVE-2023-49803 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.52-0.27.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-3521 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.54-0.35.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3291 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ CRITICAL9.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-2432 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.54-0.35.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3312 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0666 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0433 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-2047 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-0224 │ │ │ │ ║ 
╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0644 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ CRITICAL9.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-2451 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0646 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6505 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.47-0.17.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0600 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6507 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.47-0.17.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0606 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-7744 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4815 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.47-0.17.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0502 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ 
server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4816 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ │ MEDIUM │ 4.9 ║ +║ └── mysql@2.18.1 ⬅ CVE-2018-3071 │ 🧾 Vendor Confirmed │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4730 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-5908 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4766 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-0001 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4792 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-2438 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-2566 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0508 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0640 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 
5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-2582 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-2611 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.52-0.27.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-3477 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.52-0.27.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-3521 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0641 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0642 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6463 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0643 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6464 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ CRITICAL9.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-4316 │ │ │ │ ║ 
╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0411 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-3152 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0423 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4737 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-3801 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-2573 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-3809 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-1861 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6489 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-3807 │ │ │ │ ║ +║ └── 
mysql@2.18.1 ⬅ CVE-2013-3783 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-3808 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ CRITICAL9.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0204 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6551 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6559 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6555 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3309 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-5483 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3329 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3302 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-4274 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct 
dependency │ 5.5.54-0.35.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3238 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.54-0.35.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3243 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0409 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-5908 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-0401 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-0001 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0438 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0503 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0439 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.47-0.17.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0596 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0505 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.47-0.17.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0597 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ 
CVE-2016-0546 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.47-0.17.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0598 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2012-5615 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.47-0.17.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0616 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ │ MEDIUM │ 4.9 ║ +║ └── mysql@2.18.1 ⬅ CVE-2023-21977 │ 🧾 Vendor Confirmed │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-5894 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0499 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-0402 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0500 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4830 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ │ MEDIUM │ 4.9 ║ +║ └── mysql@2.18.1 ⬅ CVE-2018-3061 │ 🧾 Vendor Confirmed │ │ │ ║ 
╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4833 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4752 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4836 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4756 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-4287 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-3801 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.47-0.17.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-7744 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0596 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.47-0.17.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0502 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4757 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0597 │ │ │ │ ║ 
╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4761 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4767 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.47-0.17.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0598 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-0430 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6530 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ CRITICAL9.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-2451 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0381 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-2434 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-3809 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-2617 │ │ │ │ ║ 
-╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-2620 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-4274 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4879 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6564 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4890 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-3811 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6496 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-3812 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.47-0.17.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0608 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0650 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ 
-║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.47-0.17.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0609 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0651 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.57-0.39.3.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3651 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-4233 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.57-0.39.3.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3652 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-4238 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-2576 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-1789 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-2576 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-1793 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4730 │ │ │ │ ║ 
╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-3795 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4766 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-3796 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4792 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-5881 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-0430 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0640 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0641 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6568 │ │ │ │ ║ 
╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-5882 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-8275 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-2639 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.47-0.17.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0608 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-2641 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.47-0.17.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0609 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-2643 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6469 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 8.0.30 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2021-2478 │ 🧾 Vendor Confirmed │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-3795 │ │ │ │ ║ 
+╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-3796 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.0.96-0.6.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2012-5611 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2012-5611 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.0.96-0.6.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2012-5612 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2012-5612 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.0.96-0.6.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2012-5613 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2012-5613 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0666 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-2047 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4800 │ │ 
│ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4895 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4802 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4904 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-1861 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4905 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-3783 │ │ │ │ ║ +║ express@4.18.2 📓 Indirect dependency │ 0.7.6 │ HIGH │ 7.5 ║ +║ └── cookie@0.5.0 ⬅ CVE-2017-18589 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ CRITICAL9.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0286 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-5891 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-5881 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ CRITICAL9.0 ║ -║ └── 
mysql@2.18.1 ⬅ CVE-2015-0288 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-5882 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0432 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-3793 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6520 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6520 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4858 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-2648 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4861 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-2661 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-0437 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3462 │ │ │ │ ║ 
╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-4207 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3463 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 8.0.26 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2020-14672 │ 🧾 Vendor Confirmed │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6564 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-4214 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-0401 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ CRITICAL9.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0286 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0433 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ CRITICAL9.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0288 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-0384 │ │ │ │ ║ 
-╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ chokidar@3.5.3 📓 Indirect dependency │ 6.0.2+~5.1.1-1 │ MEDIUM │ 5.0 ║ -║ └── glob-parent@5.1.2 ⬅ CVE-2021-35065 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0644 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ CRITICAL9.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-2450 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0646 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6469 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.58-0.39.6.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-10379 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-3802 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.58-0.39.6.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-10384 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-3804 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-3569 │ │ │ │ ║ 
╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4895 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.57-0.39.3.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3653 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4904 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4879 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4905 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ CRITICAL9.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-4316 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4890 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-5483 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.57-0.39.3.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3651 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3302 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.57-0.39.3.1 │ MEDIUM │ 
5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3652 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-3793 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-3807 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-2484 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-3808 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-2494 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0438 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0439 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-0427 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0507 │ │ │ 
│ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6489 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3464 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3305 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3600 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3308 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.54-0.35.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3313 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3238 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.54-0.35.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3317 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3243 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.54-0.35.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3318 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6568 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-2567 │ │ │ │ ║ 
╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-8275 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ CRITICAL9.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-2442 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-2573 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ CRITICAL9.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-2444 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.62-0.39.18.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-9843 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4862 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.62-0.39.18.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2018-3133 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4864 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.47-0.17.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0505 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4910 │ │ │ │ ║ 
+╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4913 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.47-0.17.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0546 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0600 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2012-5615 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.47-0.17.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0606 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3453 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3453 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3456 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3456 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3461 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3461 │ │ │ │ ║ 
╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-2567 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.54-0.35.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3291 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3309 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.54-0.35.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3312 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3329 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0505 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-5894 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0506 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0511 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0511 │ │ │ │ ║ 
╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-2305 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-2305 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6530 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6494 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-3571 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6495 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-3572 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-2484 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0206 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-2494 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0374 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ express@4.18.2 📓 
Indirect dependency │ 0.7.6 │ HIGH │ 7.5 ║ -║ └── cookie@0.5.0 ⬅ CVE-2017-18589 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-3806 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-5891 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0441 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4752 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-3794 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4756 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4769 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ │ MEDIUM │ 5.9 ║ -║ └── mysql@2.18.1 ⬅ CVE-2018-0735 │ 🧾 Vendor Confirmed │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3462 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ 
CVE-2017-3463 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ CRITICAL9.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-2442 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ CRITICAL9.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-2444 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4771 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-2438 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-0437 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-4214 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0206 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4910 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0374 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4913 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 
│ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0405 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0205 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-4287 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-3810 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0501 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6500 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3464 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0405 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3600 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6474 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-2582 │ │ │ │ ║ +║ └── 
mysql@2.18.1 ⬅ CVE-2015-2568 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-2611 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-2571 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4862 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4800 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4864 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4802 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4866 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ │ MEDIUM │ 5.9 ║ +║ └── mysql@2.18.1 ⬅ CVE-2018-0735 │ 🧾 Vendor Confirmed │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4870 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0503 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct 
dependency │ 5.5.54-0.35.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3244 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0498 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.54-0.35.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3258 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0205 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.54-0.35.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3265 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ CRITICAL9.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-2450 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-0412 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-0386 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-0420 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-0393 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-3152 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.1.61 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2011-2262 │ 🧾 Vendor Confirmed │ │ │ ║ 
╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4737 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-3571 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-0224 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-3572 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.53-0.30.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-5584 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-0384 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.53-0.30.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-6662 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-2639 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.53-0.30.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-7440 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-2641 │ │ │ │ ║ 
╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ │ MEDIUM │ 4.9 ║ -║ └── mysql@2.18.1 ⬅ CVE-2018-3061 │ 🧾 Vendor Confirmed │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-2643 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-5860 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.57-0.39.3.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3635 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.54-0.35.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3318 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.57-0.39.3.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3636 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-4243 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-1789 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-3811 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-1793 │ │ │ │ ║ 
╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-3812 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6474 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0381 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0385 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-2440 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0391 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-0386 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-3570 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-0393 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0507 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── 
mysql@2.18.1 ⬅ CVE-2014-3569 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.53-0.30.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-5584 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.1.61 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2011-2262 │ 🧾 Vendor Confirmed │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.53-0.30.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-6662 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-3798 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6500 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0382 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.54-0.35.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3313 │ │ │ │ ║ +╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.54-0.35.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2017-3317 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-3805 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-3805 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct 
dependency │ 5.0.0 │ HIGH │ 7.5 ║ -║ └── cors@2.8.5 ⬅ CVE-2023-49803 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.52-0.27.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-3615 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ CRITICAL9.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-2419 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.52-0.27.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-5440 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0441 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.62-0.39.18.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-9843 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-4233 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.62-0.39.18.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2018-3133 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-4238 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-0402 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3305 │ │ │ │ ║ +║ 
server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0382 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.55-0.38.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3308 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-0412 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ │ MEDIUM │ 4.9 ║ -║ └── mysql@2.18.1 ⬅ CVE-2018-3071 │ 🧾 Vendor Confirmed │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-0420 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6505 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-4258 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6507 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0498 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-4260 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 8.0.26 │ MEDIUM │ 5.0 ║ -║ └── 
mysql@2.18.1 ⬅ CVE-2020-14672 │ 🧾 Vendor Confirmed │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4819 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-4826 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4772 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-3806 │ │ │ │ ║ -╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ │ MEDIUM │ 4.9 ║ -║ └── mysql@2.18.1 ⬅ CVE-2023-21977 │ 🧾 Vendor Confirmed │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-5860 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-2648 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-2430 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-2661 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 
5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-2431 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0647 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.53-0.30.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-7440 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0648 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0411 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0649 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0423 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.57-0.39.3.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-3653 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4819 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.52-0.27.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-3615 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4826 │ │ │ │ ║ 
╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.52-0.27.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-5440 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ CRITICAL9.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-2419 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-0431 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-0432 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-0433 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6463 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0650 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-6464 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0651 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-3810 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ 
server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0642 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4815 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2016-0643 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4816 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-4258 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2014-4243 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-4260 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4757 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6551 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4761 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6555 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 
5.5.45-0.11.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4767 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2013-3794 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-3802 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.58-0.39.6.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-10268 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-3804 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.58-0.39.6.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2017-10378 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.47-0.17.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0616 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ ║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-6491 │ │ │ │ ║ +║ └── mysql@2.18.1 ⬅ CVE-2013-3798 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0385 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4866 │ │ │ │ ║ 
╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ HIGH │ 7.5 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-0391 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.46-0.14.1 │ MEDIUM │ 5.0 ║ +║ └── mysql@2.18.1 ⬅ CVE-2015-4870 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2014-3570 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0647 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ MEDIUM │ 5.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-2568 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0648 │ │ │ │ ║ ╟───────────────────────────────────────────────────────────┼───────────────────────────────────┼──────────────────────────┼───────────────┼─────────╢ -║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.39-0.7.1 │ LOW │ 2.0 ║ -║ └── mysql@2.18.1 ⬅ CVE-2015-2571 │ │ │ │ ║ +║ server@1.0.0 │ 🎯 Direct dependency │ 5.5.49-0.20.1 │ HIGH │ 7.5 ║ +║ └── mysql@2.18.1 ⬅ CVE-2016-0649 │ │ │ │ ║ ╚═══════════════════════════════════════════════════════════╧═══════════════════════════════════╧══════════════════════════╧═══════════════╧═════════╝ ╭──────────────────────────────────── Recommendation ────────────────────────────────────╮ diff --git a/server/reports/report_20231220090143066.json b/server/reports/report_20231220090143066.json new file mode 100644 index 000000000..0ff5feaa5 --- /dev/null +++ b/server/reports/report_20231220090143066.json 
@@ -0,0 +1,15601 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:491dcaf6-eda7-4177-a34c-849e34d9baae", + "version": 2, + "metadata": { + "timestamp": "2023-12-20T09:01:39.592Z", + "tools": { + "components": [ + { + "group": "@cyclonedx", + "name": "cdxgen", + "version": "9.9.6", + "purl": "pkg:npm/%40cyclonedx/cdxgen@9.9.6", + "type": "application", + "bom-ref": "pkg:npm/@cyclonedx/cdxgen@9.9.6", + "author": "OWASP Foundation", + "publisher": "OWASP Foundation" + }, + { + "type": "application", + "name": "owasp-depscan", + "version": "5.0.4", + "purl": "pkg:pypi/owasp-depscan@5.0.4", + "bom-ref": "pkg:pypi/owasp-depscan@5.0.4" + } + ] + }, + "authors": [ + { + "name": "OWASP Foundation" + } + ], + "component": { + "author": "", + "group": "", + "name": "server", + "version": "1.0.0", + "type": "application", + "purl": "pkg:npm/server@1.0.0", + "bom-ref": "pkg:npm/server@1.0.0", + "components": [] + } + }, + "components": [ + { + "group": "", + "name": "cors", + "version": "2.8.5", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "2881db2c9aaeef7446aff8676eb3bdb817a2c4d1aebd2423ba5fe3745bd2fca152207d615957759e0ef3387c7e62b11f2272c6eeae27e861d0f5c0edc6ffcfea" + } + ], + "purl": "pkg:npm/cors@2.8.5", + "type": "library", + "bom-ref": "pkg:npm/cors@2.8.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "cors" + } + ] + }, + { + "group": "", + "name": "object-assign", + "version": "4.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac98134279149c7d6c170f324fa552537cc3dec5a6bbab19848b1e63c557f8646edcfe85ec5bbe24d0e85df9251256cb2529dcdc55101d57b8714e618fe05c52" + } + ], + "purl": "pkg:npm/object-assign@4.1.1", + "type": "library", + "bom-ref": "pkg:npm/object-assign@4.1.1", + "properties": [ + { + "name": "SrcFile", + "value": 
"/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "vary", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" + } + ], + "purl": "pkg:npm/vary@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/vary@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "express", + "version": "4.18.2", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7f3ec2fa8863dd7d0fe528cd54ba27a5620bf7054a097f3d5a53053dbc767e27b832bf07505c510120421ac5e19fd0621cade013372044c6d6a58ac0dbb8ca9" + } + ], + "purl": "pkg:npm/express@4.18.2", + "type": "framework", + "bom-ref": "pkg:npm/express@4.18.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "express" + } + ] + }, + { + "group": "", + "name": "accepts", + "version": "1.3.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "type": "library", + "bom-ref": "pkg:npm/accepts@1.3.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime-types", + "version": "2.1.35", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" + } + ], + "purl": 
"pkg:npm/mime-types@2.1.35", + "type": "library", + "bom-ref": "pkg:npm/mime-types@2.1.35", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime-db", + "version": "1.52.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "type": "library", + "bom-ref": "pkg:npm/mime-db@1.52.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "negotiator", + "version": "0.6.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "type": "library", + "bom-ref": "pkg:npm/negotiator@0.6.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "array-flatten", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/array-flatten@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "body-parser", + "version": "1.20.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"8d68bb69b4db6306a33b2b56090737ed5ba599689169ee51c93a5a0b20dc4b9fe531db704b3e653a90c4ebbb2bc3f1d87b7e5fd73ddf0d0c3ededc60ee036d5b" + } + ], + "purl": "pkg:npm/body-parser@1.20.1", + "type": "library", + "bom-ref": "pkg:npm/body-parser@1.20.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "bytes", + "version": "3.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "type": "library", + "bom-ref": "pkg:npm/bytes@3.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "content-type", + "version": "1.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "type": "library", + "bom-ref": "pkg:npm/content-type@1.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "debug", + "version": "2.6.9", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "purl": "pkg:npm/debug@2.6.9", + "type": "library", + "bom-ref": "pkg:npm/debug@2.6.9", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": "2.0.0", + 
"scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "purl": "pkg:npm/ms@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/ms@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "depd", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" + } + ], + "purl": "pkg:npm/depd@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/depd@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "destroy", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/destroy@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "http-errors", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/http-errors@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "inherits", + "version": "2.0.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "93fbc6697e3f6256b75b3c8c0af4d039761e207bea38ab67a8176ecd31e9ce9419cc0b2428c859d8af849c189233dcc64a820578ca572b16b8758799210a9ec1" + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "type": "library", + "bom-ref": "pkg:npm/inherits@2.0.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "setprototypeof", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/setprototypeof@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "statuses", + "version": "2.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "type": "library", + "bom-ref": "pkg:npm/statuses@2.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "toidentifier", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/toidentifier@1.0.1", + "properties": [ + { + "name": "SrcFile", + 
"value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "iconv-lite", + "version": "0.4.24", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "type": "library", + "bom-ref": "pkg:npm/iconv-lite@0.4.24", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "safer-buffer", + "version": "2.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "type": "library", + "bom-ref": "pkg:npm/safer-buffer@2.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "on-finished", + "version": "2.4.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "type": "library", + "bom-ref": "pkg:npm/on-finished@2.4.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ee-first", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" + } + ], + "purl": 
"pkg:npm/ee-first@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/ee-first@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "qs", + "version": "6.11.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" + } + ], + "purl": "pkg:npm/qs@6.11.0", + "type": "library", + "bom-ref": "pkg:npm/qs@6.11.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "side-channel", + "version": "1.0.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab95cfcada85108287906762308ad8d749af2d1be7421e36ffe1a8065156ddbd8b5cb136c71269645766f78c1ed016a85774702721aa839c12edea714efd19bf" + } + ], + "purl": "pkg:npm/side-channel@1.0.4", + "type": "library", + "bom-ref": "pkg:npm/side-channel@1.0.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "call-bind", + "version": "1.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b79d0c5f159c45455a09a0628a23ccb730e128d76f4d43e160434f22c9ef8c938ccd65919d8dfb34e9b553afe0c14a503ae90d9511c3248bf71408fe127ab71" + } + ], + "purl": "pkg:npm/call-bind@1.0.5", + "type": "library", + "bom-ref": "pkg:npm/call-bind@1.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "function-bind", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" + } + ], + "purl": "pkg:npm/function-bind@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/function-bind@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "get-intrinsic", + "version": "1.2.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d204a8e2697fd23f7c637967824144a2dff386209e5ac6d822567eb993958332f22da530ef0c542fe9c24cfd1726f260d405ee949448dd4262f06b1b0eec5d18" + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.2", + "type": "library", + "bom-ref": "pkg:npm/get-intrinsic@1.2.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-proto", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "eea13e88ff8ef9b805f5c944e7e528045cc4eb99a5062563ded282ae5350d0e8309b4063a53fe02b84a52d80ccc9b0e1e48dd30932a73cf6b4a0c1bb24362b86" + } + ], + "purl": "pkg:npm/has-proto@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/has-proto@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-symbols", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/has-symbols@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + 
"name": "hasown", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd4a6d2954e920985c7332816e09d2f91b5cb98301f3ea0dccf2b6fc7a7785a9f3f099a90137669a02e049a69d5511240e6f9eda0887c18dd9464ca34880c314" + } + ], + "purl": "pkg:npm/hasown@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/hasown@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "set-function-length", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5686aa8db0492a25ad838c9170a050ee0ef09c69cb57733ca0bbd55b03a4d8f75863a3c415e811d6f7b35d1d2dc3a7d9185f5cb156a42118eb262cb6bde48115" + } + ], + "purl": "pkg:npm/set-function-length@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/set-function-length@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "define-data-property", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "13bb86913ce49357740722de49ce99b054bbf40c60fa6d4ffd5b2062cc47822b9cded1528fe323308c1ef74142e25380673341758ee490ed8fdb029db10d6f81" + } + ], + "purl": "pkg:npm/define-data-property@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/define-data-property@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "gopd", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" + } + ], + "purl": "pkg:npm/gopd@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/gopd@1.0.1", + "properties": [ + { + "name": 
"SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-property-descriptors", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "56c5fc79a21ec2f6acd319ef8a701ef5bc3859f21e383a466229225982c7f9d99ad09c3a28762a5a259f8509603952bc0fa3ef8ee6cae547383f488884870d56" + } + ], + "purl": "pkg:npm/has-property-descriptors@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/has-property-descriptors@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "object-inspect", + "version": "1.13.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" + } + ], + "purl": "pkg:npm/object-inspect@1.13.1", + "type": "library", + "bom-ref": "pkg:npm/object-inspect@1.13.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "raw-body", + "version": "2.5.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa241b44c95812d1998f19d0853d627716b7a8aaf1b83154259ff902805ece96af7921b3a9d3f056c8cc1b76d9f8553be433c63b921090d97824fed72b0978a" + } + ], + "purl": "pkg:npm/raw-body@2.5.1", + "type": "library", + "bom-ref": "pkg:npm/raw-body@2.5.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "unpipe", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/unpipe@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "type-is", + "version": "1.6.18", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "type": "library", + "bom-ref": "pkg:npm/type-is@1.6.18", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "media-typer", + "version": "0.3.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "type": "library", + "bom-ref": "pkg:npm/media-typer@0.3.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "content-disposition", + "version": "0.5.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "type": "library", + "bom-ref": "pkg:npm/content-disposition@0.5.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + 
"name": "safe-buffer", + "version": "5.2.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "type": "library", + "bom-ref": "pkg:npm/safe-buffer@5.2.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "cookie", + "version": "0.5.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "619dc65329ffa3c81f289967957ee0ef1ab88323ba392ba118f29a686b2c181daa803512d203e0b53be8c992d3b7d01be9d0b885f73d755e5aae4bdcfce0a6af" + } + ], + "purl": "pkg:npm/cookie@0.5.0", + "type": "library", + "bom-ref": "pkg:npm/cookie@0.5.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "cookie-signature", + "version": "1.0.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "type": "library", + "bom-ref": "pkg:npm/cookie-signature@1.0.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "encodeurl", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/encodeurl@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": 
"/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "escape-html", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/escape-html@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "etag", + "version": "1.8.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" + } + ], + "purl": "pkg:npm/etag@1.8.1", + "type": "library", + "bom-ref": "pkg:npm/etag@1.8.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "finalhandler", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/finalhandler@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "parseurl", + "version": "1.3.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "type": "library", + 
"bom-ref": "pkg:npm/parseurl@1.3.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fresh", + "version": "0.5.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "type": "library", + "bom-ref": "pkg:npm/fresh@0.5.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "merge-descriptors", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/merge-descriptors@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "methods", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" + } + ], + "purl": "pkg:npm/methods@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/methods@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "path-to-regexp", + "version": "0.1.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "type": "library", + "bom-ref": "pkg:npm/path-to-regexp@0.1.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "proxy-addr", + "version": "2.0.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "type": "library", + "bom-ref": "pkg:npm/proxy-addr@2.0.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "forwarded", + "version": "0.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "type": "library", + "bom-ref": "pkg:npm/forwarded@0.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ipaddr.js", + "version": "1.9.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "type": "library", + "bom-ref": "pkg:npm/ipaddr.js@1.9.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": 
"range-parser", + "version": "1.2.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "type": "library", + "bom-ref": "pkg:npm/range-parser@1.2.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "send", + "version": "0.18.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" + } + ], + "purl": "pkg:npm/send@0.18.0", + "type": "library", + "bom-ref": "pkg:npm/send@0.18.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": "2.1.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e85973b9b4cb646dc9d9afcd542025784863ceae68c601f268253dc985ef70bb2fa1568726afece715c8ebf5d73fab73ed1f7100eb479d23bfb57b45dd645394" + } + ], + "purl": "pkg:npm/ms@2.1.3", + "type": "library", + "bom-ref": "pkg:npm/ms@2.1.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime", + "version": "1.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" + } + ], + "purl": "pkg:npm/mime@1.6.0", + "type": "library", + "bom-ref": "pkg:npm/mime@1.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study 
Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "serve-static", + "version": "1.15.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "type": "library", + "bom-ref": "pkg:npm/serve-static@1.15.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "utils-merge", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/utils-merge@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fs", + "version": "0.0.1-security", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd763d7b5a4fd02544502763e4199f219c51053483c9c9dbaa120e19e73d418b66547d9f6cba63f3a0855a4acd3a4b7f16fb72e0a646e654e094bf63fe027cef" + } + ], + "purl": "pkg:npm/fs@0.0.1-security", + "type": "library", + "bom-ref": "pkg:npm/fs@0.0.1-security", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "fs" + } + ] + }, + { + "group": "", + "name": "multer", + "version": "1.4.5-lts.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb03d6bdc0cc787fb3f6042ae6a607082cbe7ad86c9388287a9678e462c3eb77cebb461c35e710c62eb89c3b37aa5b9907e9aeac6dff0f8749efe74672d70241" + } + ], + 
"purl": "pkg:npm/multer@1.4.5-lts.1", + "type": "library", + "bom-ref": "pkg:npm/multer@1.4.5-lts.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "append-field", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "925a6015258b5b5644b3cb2f8df6fb838a96634612e62988f3675383e41a854bc9f18a806343f5d1493cb53ca1f591ae60464431a789602179045b97e79da1b3" + } + ], + "purl": "pkg:npm/append-field@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/append-field@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "busboy", + "version": "1.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f121506e0ff4850f71cb750d4c1d18127b0d05b59f85fed1b67ce92fb4e40624c145fad0f45c5c9f3ed526c95e269ca9eab54bbd78ae391aa39478b9abe3d8b8" + } + ], + "purl": "pkg:npm/busboy@1.6.0", + "type": "library", + "bom-ref": "pkg:npm/busboy@1.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "streamsearch", + "version": "1.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "31c739c077a1a7d697cf56b1e9b654c98e5a7e0f6edabbf972a408de646b624182f2b5b684cd368d6bb08ed2fef8b4b9aa29d2ca18f641f2f236cb9cf95b04c6" + } + ], + "purl": "pkg:npm/streamsearch@1.1.0", + "type": "library", + "bom-ref": "pkg:npm/streamsearch@1.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "concat-stream", + "version": "1.6.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"dbb1c18212718e266d224dd872f9ffe246c993fd6e66e2457ee3c49ece8b684be9bc6d5fd214de6bc96296ba2eca8f6655cd8659d70467c38ba0699200396b0b" + } + ], + "purl": "pkg:npm/concat-stream@1.6.2", + "type": "library", + "bom-ref": "pkg:npm/concat-stream@1.6.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "buffer-from", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" + } + ], + "purl": "pkg:npm/buffer-from@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/buffer-from@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "readable-stream", + "version": "2.3.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" + } + ], + "purl": "pkg:npm/readable-stream@2.3.8", + "type": "library", + "bom-ref": "pkg:npm/readable-stream@2.3.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "safe-buffer", + "version": "5.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" + } + ], + "purl": "pkg:npm/safe-buffer@5.1.2", + "type": "library", + "bom-ref": "pkg:npm/safe-buffer@5.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "core-util-is", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" + } + ], + "purl": "pkg:npm/core-util-is@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/core-util-is@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "isarray", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" + } + ], + "purl": "pkg:npm/isarray@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/isarray@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "process-nextick-args", + "version": "2.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" + } + ], + "purl": "pkg:npm/process-nextick-args@2.0.1", + "type": "framework", + "bom-ref": "pkg:npm/process-nextick-args@2.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "string_decoder", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" + } + ], + "purl": "pkg:npm/string_decoder@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/string_decoder@1.1.1", + 
"properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "util-deprecate", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f0f9ab5b97c85c49a42acb9c27359c79eade039ae83641a1c008888d93692080ed5089d5424331a802cc891736c5187c3d5d68afff2d3110f318886eb1ed73" + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/util-deprecate@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "typedarray", + "version": "0.0.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fda0831066ad1af67604893e1e62dfe227c2245c2f28535bf7f25e64f32e95f805ada727f5015c01fe463bc07f9b07948d2a1b952e489f471686aa5fb3fe4f40" + } + ], + "purl": "pkg:npm/typedarray@0.0.6", + "type": "library", + "bom-ref": "pkg:npm/typedarray@0.0.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mkdirp", + "version": "0.5.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" + } + ], + "purl": "pkg:npm/mkdirp@0.5.6", + "type": "library", + "bom-ref": "pkg:npm/mkdirp@0.5.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "minimist", + "version": "1.2.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "db2c8047ca8190ddd8ba17896a7529582e54ddb6f9a2c0f2c0d07c4730d5943c031dba1c009bdeaaa8f5bbcf92543ee39164f8cafb070a95aaa96a80c5bd3308" + } + ], + 
"purl": "pkg:npm/minimist@1.2.8", + "type": "library", + "bom-ref": "pkg:npm/minimist@1.2.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "xtend", + "version": "4.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "2ca614d620172575200179fd5118e2bbe3168725171ecbdfa7b99cb989bd75250a2b4fc28edad4c050310fcdbf98259bb4bb068c521a774c08b28778ceb4c011" + } + ], + "purl": "pkg:npm/xtend@4.0.2", + "type": "library", + "bom-ref": "pkg:npm/xtend@4.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mysql", + "version": "2.18.1", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "05c6be824d985a6aa9d947fa93934512eaf063fd2d77472979b02e705a58ff78e1af0ad51aec54dae4050878d4d7d4897e37b4c90be2fab55676aefc851e658a" + } + ], + "purl": "pkg:npm/mysql@2.18.1", + "type": "library", + "bom-ref": "pkg:npm/mysql@2.18.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "mysql" + } + ] + }, + { + "group": "", + "name": "readable-stream", + "version": "2.3.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "11b868f0ae2321b1c0c67bb18bba38d8ead9805fd94cd72c663ea744ac949a484b16af021c8b69fdfcba85066e6663ff9f7c99f550546e9e33cff997f219983f" + } + ], + "purl": "pkg:npm/readable-stream@2.3.7", + "type": "library", + "bom-ref": "pkg:npm/readable-stream@2.3.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "bignumber.js", + "version": "9.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + 
"content": "b7f398861276483f9818141c8d8f06cf30c7124f5fde77abc63b5f6bab653177deedfaecfd6a3386f08da06be93343f76cd7f71aae5944c946af97f7af8fcdf0" + } + ], + "purl": "pkg:npm/bignumber.js@9.0.0", + "type": "library", + "bom-ref": "pkg:npm/bignumber.js@9.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "sqlstring", + "version": "2.3.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2803387feddc481b9fae0e2935cff45dd6f962d3edfc8b36611b349adf817047b21b7a53d608229234897c8e52ff17b111bf2f020768cd78cd44f62f665cc01" + } + ], + "purl": "pkg:npm/sqlstring@2.3.1", + "type": "library", + "bom-ref": "pkg:npm/sqlstring@2.3.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "nodemon", + "version": "3.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f6a20dd8b353ac4ce938f05a5874e6e00b32d4bc572d289c9194ad010e0865eef3b282290ff03b2d6c61655dede19bb7e76b8172a56746c0d748c47649cde54c" + } + ], + "purl": "pkg:npm/nodemon@3.0.2", + "type": "library", + "bom-ref": "pkg:npm/nodemon@3.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "debug", + "version": "4.3.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" + } + ], + "purl": "pkg:npm/debug@4.3.4", + "type": "library", + "bom-ref": "pkg:npm/debug@4.3.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": 
"2.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "purl": "pkg:npm/ms@2.1.2", + "type": "library", + "bom-ref": "pkg:npm/ms@2.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "chokidar", + "version": "3.5.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ebdec7ca44fea84dc8dfd8999498525f79532f5c175e83107489543979bd95d74b852540804bc381c9975503255bf315cdcf71a38d3823f642d6b194ea13a93" + } + ], + "purl": "pkg:npm/chokidar@3.5.3", + "type": "library", + "bom-ref": "pkg:npm/chokidar@3.5.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "anymatch", + "version": "3.1.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" + } + ], + "purl": "pkg:npm/anymatch@3.1.3", + "type": "library", + "bom-ref": "pkg:npm/anymatch@3.1.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "normalize-path", + "version": "3.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9e66ce4bb375ad0a2b075a9f52d86532f1daa4a468b80554b3dc66aa884e9ecee6f4e75d844b3b57530501e82e8829b4246363e76ff983e166288c24707302c" + } + ], + "purl": "pkg:npm/normalize-path@3.0.0", + "type": "library", + "bom-ref": "pkg:npm/normalize-path@3.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study 
Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "picomatch", + "version": "2.3.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "254ded7874cd8e6136542185cee63c117cc20d5c04a81d9af1fb08bf0692b4784058911e55dd68d500fcd0253af997445d748b6d2b2e2f0263902056a9141454" + } + ], + "purl": "pkg:npm/picomatch@2.3.1", + "type": "library", + "bom-ref": "pkg:npm/picomatch@2.3.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "braces", + "version": "3.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fcba6f8bd51cccdd60d2cef866ea0233d727d36c1b7a61395c10a02fb26a82659170e3acfadba9558fd8f5c843d6df71f91fe94142964c3f593c97eefc1dad0" + } + ], + "purl": "pkg:npm/braces@3.0.2", + "type": "library", + "bom-ref": "pkg:npm/braces@3.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fill-range", + "version": "7.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" + } + ], + "purl": "pkg:npm/fill-range@7.0.1", + "type": "library", + "bom-ref": "pkg:npm/fill-range@7.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "to-regex-range", + "version": "5.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" + } + ], + "purl": "pkg:npm/to-regex-range@5.0.1", + "type": "library", + "bom-ref": 
"pkg:npm/to-regex-range@5.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-number", + "version": "7.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" + } + ], + "purl": "pkg:npm/is-number@7.0.0", + "type": "library", + "bom-ref": "pkg:npm/is-number@7.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "glob-parent", + "version": "5.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "type": "library", + "bom-ref": "pkg:npm/glob-parent@5.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-glob", + "version": "4.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e9526b21c7dfa66013b6568658bba56df884d6cd97c3a3bf92959a4243e2105d0f7b61f137e4f6f61ab0b33e99758e6611648197f184b4a7af046be1e9524a" + } + ], + "purl": "pkg:npm/is-glob@4.0.3", + "type": "library", + "bom-ref": "pkg:npm/is-glob@4.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-extglob", + "version": "2.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" + } + ], + "purl": "pkg:npm/is-extglob@2.1.1", + "type": "library", + "bom-ref": "pkg:npm/is-extglob@2.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-binary-path", + "version": "2.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" + } + ], + "purl": "pkg:npm/is-binary-path@2.1.0", + "type": "library", + "bom-ref": "pkg:npm/is-binary-path@2.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "binary-extensions", + "version": "2.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "8c372d27f21541b6682729287876e15e93a5341a8635cc1724a268838d84e470cf53041349d8c21dd8a18e3d0396785e43b6e56d3e9d1ce69f340892f28a1028" + } + ], + "purl": "pkg:npm/binary-extensions@2.2.0", + "type": "library", + "bom-ref": "pkg:npm/binary-extensions@2.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "readdirp", + "version": "3.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" + } + ], + "purl": "pkg:npm/readdirp@3.6.0", + "type": "library", + "bom-ref": "pkg:npm/readdirp@3.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "fsevents", + "version": "2.3.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" + } + ], + "purl": "pkg:npm/fsevents@2.3.3", + "type": "library", + "bom-ref": "pkg:npm/fsevents@2.3.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ignore-by-default", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "22eb36558706364ed3f740a9a49a9c2244b9a281d46722102be0a565f31f30d14417d55213bdc5abef74eaefc25aef76c7883364c58ec1f1587243ce6f37446c" + } + ], + "purl": "pkg:npm/ignore-by-default@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/ignore-by-default@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "minimatch", + "version": "3.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "type": "library", + "bom-ref": "pkg:npm/minimatch@3.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "brace-expansion", + "version": "1.1.11", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "type": "library", + "bom-ref": "pkg:npm/brace-expansion@1.1.11", + "properties": [ + { 
+ "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "balanced-match", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" + } + ], + "purl": "pkg:npm/balanced-match@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/balanced-match@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "concat-map", + "version": "0.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" + } + ], + "purl": "pkg:npm/concat-map@0.0.1", + "type": "library", + "bom-ref": "pkg:npm/concat-map@0.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "pstree.remy", + "version": "1.1.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "efb0d9c31426c4a9eedda479e3653e5fc172a4dcdb7c9f82e57403937b968d6c67eb5e75688306b615984574ea4f5139a09be0fa58da6b63898be55fbc2390f3" + } + ], + "purl": "pkg:npm/pstree.remy@1.1.8", + "type": "library", + "bom-ref": "pkg:npm/pstree.remy@1.1.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "semver", + "version": "7.5.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5b09211257a3effa2db51efa71a770f1fa9483f2520fb7cb958d1af1014b7f9dbb3061cfad2ba6366ed8942e3778f9f9ead793d7fa7a900c2ece7eded693070" + } + ], + "purl": 
"pkg:npm/semver@7.5.4", + "type": "library", + "bom-ref": "pkg:npm/semver@7.5.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "lru-cache", + "version": "6.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "268e9d274e029928eece7c09492de951e5a677f1f47df4e59175e0c198be7aad540a6a90c0287e78bb183980b063df758b615a878875044302c78a938466ec88" + } + ], + "purl": "pkg:npm/lru-cache@6.0.0", + "type": "library", + "bom-ref": "pkg:npm/lru-cache@6.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "yallist", + "version": "4.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "df074689d672ab93c1d3ce172c44b94e9392440df08d7025216321ba6da445cbffe354a7d9e990d1dc9c416e2e6572de8f02af83a12cbdb76554bf8560472dec" + } + ], + "purl": "pkg:npm/yallist@4.0.0", + "type": "library", + "bom-ref": "pkg:npm/yallist@4.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "simple-update-notifier", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b607d6342a535797dbbfbec5bab1322ef6f184a5f2aedb0455ea5d47dd711ab3fd20508cc6cc1a0ffc8a2e4dc5106e6f495992c7dc23b1ca7d374d89456b1eb" + } + ], + "purl": "pkg:npm/simple-update-notifier@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/simple-update-notifier@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "supports-color", + "version": "5.5.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "type": "library", + "bom-ref": "pkg:npm/supports-color@5.5.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-flag", + "version": "3.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "type": "library", + "bom-ref": "pkg:npm/has-flag@3.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "touch", + "version": "3.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "581c7c532e532ed39246d22af8cd37fec283ad708b1f1c0372ab923f6738dcb7b4dfff6c7ab8d0048ced8d1cfa16425ecfd0ff8657b20174c118bc30654c3d94" + } + ], + "purl": "pkg:npm/touch@3.1.0", + "type": "library", + "bom-ref": "pkg:npm/touch@3.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "nopt", + "version": "1.0.10", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3569a9bcb4aa52b82b002f470aec44bdbf8f4a5a07a6a56ef85a9c3b879e176879a9846103b7afe8abde9724002ad7a051b0ba472a499e510e85df2f96834a62" + } + ], + "purl": "pkg:npm/nopt@1.0.10", + "type": "library", + "bom-ref": "pkg:npm/nopt@1.0.10", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "abbrev", + "version": "1.1.1", + 
"scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e77bdfc8890fe1cc8858ea97439db06dcfb0e33d32ab634d0fff3bcf4a6e69385925eb1b86ac69d79ff56d4cd35f36d01f67dff546d7a192ccd4f6a7138a2d1" + } + ], + "purl": "pkg:npm/abbrev@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/abbrev@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "undefsafe", + "version": "2.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5b138d0abb2c04cf1348f46a379126b2356bb2fe00f17d7627802b06289acafdc3cb21b7665220eb2cacbae498759b15cf74ca7138367ddfff52377808757588" + } + ], + "purl": "pkg:npm/undefsafe@2.0.5", + "type": "library", + "bom-ref": "pkg:npm/undefsafe@2.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + } + ], + "services": [], + "dependencies": [ + { + "ref": "pkg:npm/object-assign@4.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/vary@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/cors@2.8.5", + "dependsOn": [ + "pkg:npm/object-assign@4.1.1", + "pkg:npm/vary@1.1.2" + ] + }, + { + "ref": "pkg:npm/mime-db@1.52.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mime-types@2.1.35", + "dependsOn": [ + "pkg:npm/mime-db@1.52.0" + ] + }, + { + "ref": "pkg:npm/negotiator@0.6.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/accepts@1.3.8", + "dependsOn": [ + "pkg:npm/mime-types@2.1.35", + "pkg:npm/negotiator@0.6.3" + ] + }, + { + "ref": "pkg:npm/array-flatten@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/bytes@3.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/content-type@1.0.5", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/debug@2.6.9", + "dependsOn": [ + "pkg:npm/ms@2.0.0" + ] + }, + { + "ref": "pkg:npm/depd@2.0.0", + "dependsOn": [] + }, + { + 
"ref": "pkg:npm/destroy@1.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/inherits@2.0.4", + "dependsOn": [] + }, + { + "ref": "pkg:npm/setprototypeof@1.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/statuses@2.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/toidentifier@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/http-errors@2.0.0", + "dependsOn": [ + "pkg:npm/depd@2.0.0", + "pkg:npm/inherits@2.0.4", + "pkg:npm/setprototypeof@1.2.0", + "pkg:npm/statuses@2.0.1", + "pkg:npm/toidentifier@1.0.1" + ] + }, + { + "ref": "pkg:npm/safer-buffer@2.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/iconv-lite@0.4.24", + "dependsOn": [ + "pkg:npm/safer-buffer@2.1.2" + ] + }, + { + "ref": "pkg:npm/ee-first@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/on-finished@2.4.1", + "dependsOn": [ + "pkg:npm/ee-first@1.1.1" + ] + }, + { + "ref": "pkg:npm/function-bind@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/has-proto@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/has-symbols@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/hasown@2.0.0", + "dependsOn": [ + "pkg:npm/function-bind@1.1.2" + ] + }, + { + "ref": "pkg:npm/get-intrinsic@1.2.2", + "dependsOn": [ + "pkg:npm/function-bind@1.1.2", + "pkg:npm/has-proto@1.0.1", + "pkg:npm/has-symbols@1.0.3", + "pkg:npm/hasown@2.0.0" + ] + }, + { + "ref": "pkg:npm/gopd@1.0.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2" + ] + }, + { + "ref": "pkg:npm/has-property-descriptors@1.0.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2" + ] + }, + { + "ref": "pkg:npm/define-data-property@1.1.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/gopd@1.0.1", + "pkg:npm/has-property-descriptors@1.0.1" + ] + }, + { + "ref": "pkg:npm/set-function-length@1.1.1", + "dependsOn": [ + "pkg:npm/define-data-property@1.1.1", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/gopd@1.0.1", + "pkg:npm/has-property-descriptors@1.0.1" + ] + }, + { + "ref": "pkg:npm/call-bind@1.0.5", + "dependsOn": [ + 
"pkg:npm/function-bind@1.1.2", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/set-function-length@1.1.1" + ] + }, + { + "ref": "pkg:npm/object-inspect@1.13.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/side-channel@1.0.4", + "dependsOn": [ + "pkg:npm/call-bind@1.0.5", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/object-inspect@1.13.1" + ] + }, + { + "ref": "pkg:npm/qs@6.11.0", + "dependsOn": [ + "pkg:npm/side-channel@1.0.4" + ] + }, + { + "ref": "pkg:npm/unpipe@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/raw-body@2.5.1", + "dependsOn": [ + "pkg:npm/bytes@3.1.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/iconv-lite@0.4.24", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/media-typer@0.3.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/type-is@1.6.18", + "dependsOn": [ + "pkg:npm/media-typer@0.3.0", + "pkg:npm/mime-types@2.1.35" + ] + }, + { + "ref": "pkg:npm/body-parser@1.20.1", + "dependsOn": [ + "pkg:npm/bytes@3.1.2", + "pkg:npm/content-type@1.0.5", + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/destroy@1.2.0", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/iconv-lite@0.4.24", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/qs@6.11.0", + "pkg:npm/raw-body@2.5.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/safe-buffer@5.2.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/content-disposition@0.5.4", + "dependsOn": [ + "pkg:npm/safe-buffer@5.2.1" + ] + }, + { + "ref": "pkg:npm/cookie@0.5.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/cookie-signature@1.0.6", + "dependsOn": [] + }, + { + "ref": "pkg:npm/encodeurl@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/escape-html@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/etag@1.8.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/parseurl@1.3.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/finalhandler@1.2.0", + "dependsOn": [ + "pkg:npm/debug@2.6.9", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/on-finished@2.4.1", + 
"pkg:npm/parseurl@1.3.3", + "pkg:npm/statuses@2.0.1", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/fresh@0.5.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/merge-descriptors@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/methods@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/path-to-regexp@0.1.7", + "dependsOn": [] + }, + { + "ref": "pkg:npm/forwarded@0.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ipaddr.js@1.9.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/proxy-addr@2.0.7", + "dependsOn": [ + "pkg:npm/forwarded@0.2.0", + "pkg:npm/ipaddr.js@1.9.1" + ] + }, + { + "ref": "pkg:npm/range-parser@1.2.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.1.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mime@1.6.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/send@0.18.0", + "dependsOn": [ + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/destroy@1.2.0", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/etag@1.8.1", + "pkg:npm/fresh@0.5.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/mime@1.6.0", + "pkg:npm/ms@2.1.3", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/range-parser@1.2.1", + "pkg:npm/statuses@2.0.1" + ] + }, + { + "ref": "pkg:npm/serve-static@1.15.0", + "dependsOn": [ + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/parseurl@1.3.3", + "pkg:npm/send@0.18.0" + ] + }, + { + "ref": "pkg:npm/utils-merge@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/express@4.18.2", + "dependsOn": [ + "pkg:npm/accepts@1.3.8", + "pkg:npm/array-flatten@1.1.1", + "pkg:npm/body-parser@1.20.1", + "pkg:npm/content-disposition@0.5.4", + "pkg:npm/content-type@1.0.5", + "pkg:npm/cookie-signature@1.0.6", + "pkg:npm/cookie@0.5.0", + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/etag@1.8.1", + "pkg:npm/finalhandler@1.2.0", + "pkg:npm/fresh@0.5.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/merge-descriptors@1.0.1", + 
"pkg:npm/methods@1.1.2", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/parseurl@1.3.3", + "pkg:npm/path-to-regexp@0.1.7", + "pkg:npm/proxy-addr@2.0.7", + "pkg:npm/qs@6.11.0", + "pkg:npm/range-parser@1.2.1", + "pkg:npm/safe-buffer@5.2.1", + "pkg:npm/send@0.18.0", + "pkg:npm/serve-static@1.15.0", + "pkg:npm/setprototypeof@1.2.0", + "pkg:npm/statuses@2.0.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/utils-merge@1.0.1", + "pkg:npm/vary@1.1.2" + ] + }, + { + "ref": "pkg:npm/fs@0.0.1-security", + "dependsOn": [] + }, + { + "ref": "pkg:npm/append-field@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/streamsearch@1.1.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/busboy@1.6.0", + "dependsOn": [ + "pkg:npm/streamsearch@1.1.0" + ] + }, + { + "ref": "pkg:npm/buffer-from@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/safe-buffer@5.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/core-util-is@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/isarray@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/process-nextick-args@2.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/string_decoder@1.1.1", + "dependsOn": [ + "pkg:npm/safe-buffer@5.1.2" + ] + }, + { + "ref": "pkg:npm/util-deprecate@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/readable-stream@2.3.8", + "dependsOn": [ + "pkg:npm/core-util-is@1.0.3", + "pkg:npm/inherits@2.0.4", + "pkg:npm/isarray@1.0.0", + "pkg:npm/process-nextick-args@2.0.1", + "pkg:npm/safe-buffer@5.1.2", + "pkg:npm/string_decoder@1.1.1", + "pkg:npm/util-deprecate@1.0.2" + ] + }, + { + "ref": "pkg:npm/typedarray@0.0.6", + "dependsOn": [] + }, + { + "ref": "pkg:npm/concat-stream@1.6.2", + "dependsOn": [ + "pkg:npm/buffer-from@1.1.2", + "pkg:npm/inherits@2.0.4", + "pkg:npm/readable-stream@2.3.8", + "pkg:npm/typedarray@0.0.6" + ] + }, + { + "ref": "pkg:npm/minimist@1.2.8", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mkdirp@0.5.6", + "dependsOn": [ + "pkg:npm/minimist@1.2.8" + ] + }, + { + "ref": "pkg:npm/xtend@4.0.2", + "dependsOn": [] + 
}, + { + "ref": "pkg:npm/multer@1.4.5-lts.1", + "dependsOn": [ + "pkg:npm/append-field@1.0.0", + "pkg:npm/busboy@1.6.0", + "pkg:npm/concat-stream@1.6.2", + "pkg:npm/mkdirp@0.5.6", + "pkg:npm/object-assign@4.1.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/xtend@4.0.2" + ] + }, + { + "ref": "pkg:npm/readable-stream@2.3.7", + "dependsOn": [ + "pkg:npm/core-util-is@1.0.3", + "pkg:npm/inherits@2.0.4", + "pkg:npm/isarray@1.0.0", + "pkg:npm/process-nextick-args@2.0.1", + "pkg:npm/string_decoder@1.1.1", + "pkg:npm/util-deprecate@1.0.2" + ] + }, + { + "ref": "pkg:npm/bignumber.js@9.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/sqlstring@2.3.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mysql@2.18.1", + "dependsOn": [ + "pkg:npm/bignumber.js@9.0.0", + "pkg:npm/readable-stream@2.3.7", + "pkg:npm/safe-buffer@5.1.2", + "pkg:npm/sqlstring@2.3.1" + ] + }, + { + "ref": "pkg:npm/debug@4.3.4", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/normalize-path@3.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/picomatch@2.3.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/anymatch@3.1.3", + "dependsOn": [ + "pkg:npm/normalize-path@3.0.0", + "pkg:npm/picomatch@2.3.1" + ] + }, + { + "ref": "pkg:npm/is-number@7.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/to-regex-range@5.0.1", + "dependsOn": [ + "pkg:npm/is-number@7.0.0" + ] + }, + { + "ref": "pkg:npm/fill-range@7.0.1", + "dependsOn": [ + "pkg:npm/to-regex-range@5.0.1" + ] + }, + { + "ref": "pkg:npm/braces@3.0.2", + "dependsOn": [ + "pkg:npm/fill-range@7.0.1" + ] + }, + { + "ref": "pkg:npm/is-extglob@2.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/is-glob@4.0.3", + "dependsOn": [ + "pkg:npm/is-extglob@2.1.1" + ] + }, + { + "ref": "pkg:npm/glob-parent@5.1.2", + "dependsOn": [ + "pkg:npm/is-glob@4.0.3" + ] + }, + { + "ref": "pkg:npm/binary-extensions@2.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/is-binary-path@2.1.0", + "dependsOn": [ + 
"pkg:npm/binary-extensions@2.2.0" + ] + }, + { + "ref": "pkg:npm/readdirp@3.6.0", + "dependsOn": [ + "pkg:npm/picomatch@2.3.1" + ] + }, + { + "ref": "pkg:npm/fsevents@2.3.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/chokidar@3.5.3", + "dependsOn": [ + "pkg:npm/anymatch@3.1.3", + "pkg:npm/braces@3.0.2", + "pkg:npm/fsevents@2.3.3", + "pkg:npm/glob-parent@5.1.2", + "pkg:npm/is-binary-path@2.1.0", + "pkg:npm/is-glob@4.0.3", + "pkg:npm/normalize-path@3.0.0", + "pkg:npm/readdirp@3.6.0" + ] + }, + { + "ref": "pkg:npm/ignore-by-default@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/balanced-match@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/concat-map@0.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/brace-expansion@1.1.11", + "dependsOn": [ + "pkg:npm/balanced-match@1.0.2", + "pkg:npm/concat-map@0.0.1" + ] + }, + { + "ref": "pkg:npm/minimatch@3.1.2", + "dependsOn": [ + "pkg:npm/brace-expansion@1.1.11" + ] + }, + { + "ref": "pkg:npm/pstree.remy@1.1.8", + "dependsOn": [] + }, + { + "ref": "pkg:npm/yallist@4.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/lru-cache@6.0.0", + "dependsOn": [ + "pkg:npm/yallist@4.0.0" + ] + }, + { + "ref": "pkg:npm/semver@7.5.4", + "dependsOn": [ + "pkg:npm/lru-cache@6.0.0" + ] + }, + { + "ref": "pkg:npm/simple-update-notifier@2.0.0", + "dependsOn": [ + "pkg:npm/semver@7.5.4" + ] + }, + { + "ref": "pkg:npm/has-flag@3.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/supports-color@5.5.0", + "dependsOn": [ + "pkg:npm/has-flag@3.0.0" + ] + }, + { + "ref": "pkg:npm/abbrev@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/nopt@1.0.10", + "dependsOn": [ + "pkg:npm/abbrev@1.1.1" + ] + }, + { + "ref": "pkg:npm/touch@3.1.0", + "dependsOn": [ + "pkg:npm/nopt@1.0.10" + ] + }, + { + "ref": "pkg:npm/undefsafe@2.0.5", + "dependsOn": [] + }, + { + "ref": "pkg:npm/nodemon@3.0.2", + "dependsOn": [ + "pkg:npm/chokidar@3.5.3", + "pkg:npm/debug@4.3.4", + "pkg:npm/ignore-by-default@1.0.1", + "pkg:npm/minimatch@3.1.2", + 
"pkg:npm/ms@2.1.2", + "pkg:npm/pstree.remy@1.1.8", + "pkg:npm/semver@7.5.4", + "pkg:npm/simple-update-notifier@2.0.0", + "pkg:npm/supports-color@5.5.0", + "pkg:npm/touch@3.1.0", + "pkg:npm/undefsafe@2.0.5" + ] + }, + { + "ref": "pkg:npm/server@1.0.0", + "dependsOn": [ + "pkg:npm/cors@2.8.5", + "pkg:npm/express@4.18.2", + "pkg:npm/fs@0.0.1-security", + "pkg:npm/multer@1.4.5-lts.1", + "pkg:npm/mysql@2.18.1", + "pkg:npm/nodemon@3.0.2" + ] + } + ], + "vulnerabilities": [ + { + "bom-ref": "CVE-2016-0647/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0647", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0647" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0648/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0648" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 
5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0649/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0649", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0649" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4879/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4879", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4879" + }, + "ratings": [ + { + "score": 
5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4890/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4890", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4890" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6474/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6474", + "source": { + 
"name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6474" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-7744/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-7744", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7744" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0502/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0502", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0502" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5881/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5881", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5881" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + 
"status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5882/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5882", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5882" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3569/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3569", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3569" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.\tNOTE: this 
issue became relevant after the CVE-2014-3568 fix.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2435/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2435", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2435" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2436/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2436", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2436" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier 
and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0501/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0501", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0501" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0405/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0405", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0405" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0640/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0640", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0640" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0641/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0641", + "source": { + 
"name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0641" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3462/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3462", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3462" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3463/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3463", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3463" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5615/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5615", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5615" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4757/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4757", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4757" + }, + "ratings": [ + { + "score": 5.0, + "severity": 
"medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4761/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4761", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4761" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4767/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4767", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-4767" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2011-2262/pkg:npm/mysql@2.18.1", + "id": "CVE-2011-2262", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2262" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Package updates are available for Amazon Linux that fix the following vulnerabilities:\nCVE-2012-0492:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783817: \nCVE-2012-0492 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0490:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783815: \nCVE-2012-0490 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0485:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783809: \nCVE-2012-0485 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0484:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783808: \nCVE-2012-0484 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality\n\nCVE-2012-0120:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783807: \nCVE-2012-0120 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0119:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783806: \nCVE-2012-0119 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0118:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783805: \nCVE-2012-0118 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability\n\nCVE-2012-0116:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783803: \nCVE-2012-0116 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and integrity\n\nCVE-2012-0115:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783802: \nCVE-2012-0115 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0114:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783801: \nCVE-2012-0114 mysql: Unspecified vulnerability allows local users to affect confidentiality and integrity\n\nCVE-2012-0113:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783800: \nCVE-2012-0113 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability\n\nCVE-2012-0112:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783799: \nCVE-2012-0112 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0101:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783797: \nCVE-2012-0101 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0087:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783795: \nCVE-2012-0087 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0075:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n\nCVE-2011-2262:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.", + "recommendation": "Update to 5.1.61 or later", + "advisories": [ + { + "title": "vendor", + "url": "https://rhn.redhat.com/errata/RHSA-2012:0105.html" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.1.61", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0438/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0438", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0438" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0439/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0439", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0439" + }, + 
"ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2567/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2567", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2567" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0204/pkg:npm/mysql@2.18.1", + 
"id": "CVE-2015-0204", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0204" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue.\tNOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3305/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3305", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3305" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, \"The Riddle\".", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3308/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3308", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3308" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2023-49803/pkg:npm/cors@2.8.5", + "id": "CVE-2023-49803", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49803" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "# Overly permissive origin policy\nCurrently, the middleware operates in a way that if an allowed origin is not provided, it will return an `Access-Control-Allow-Origin` header with the value of the origin from the request. 
This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy (SOP), this could cause a very serious security threat to the users of this middleware.\n\nIf such behavior is expected, for instance, when middleware is used exclusively for prototypes and not for production applications, it should be heavily emphasized in the documentation along with an indication of the risks associated with such behavior, as many users may not be aware of it.", + "recommendation": "Update to 5.0.0 or later", + "advisories": [ + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-qxrj-hx23-xp82" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/cors@2.8.5\"]" + }, + "affects": [ + { + "ref": "pkg:npm/cors@2.8.5", + "versions": [ + { + "version": "2.8.5", + "status": "affected" + }, + { + "version": "5.0.0", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0499/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0499", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0499" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": 
"unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0500/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0500", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0500" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3810/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3810", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3810" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": 
"affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0505/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0505" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0506/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0506", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0506" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + 
"affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0505/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0505" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0546/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0546", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0546" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, 
and availability via unknown vectors related to Client.\tNOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4207/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4207", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4207" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6469/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2014-6469", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6469" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0402/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0402", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0402" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, 
+ { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0600/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0600", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0600" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0606/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0606", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0606" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": 
"pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0409/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0409", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0409" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4752/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4752", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4752" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4756/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4756", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4756" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0439.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2566/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2566", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2566" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + 
"advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4243/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4243", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4243" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3794/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3794", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3794" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to 
affect availability via unknown vectors related to Server Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3571/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3571", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3571" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3572/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3572", + "source": { + "name": "NVD", + 
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3572" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3071/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3071", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3071" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3725-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3635/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3635", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3635" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html,\thttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and\thttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. 
CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3636/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3636", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3636" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4815/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4815", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4815" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4816/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4816", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4816" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in 
Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-4316/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-4316", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4316" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0596/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0596", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0596" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0597/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0597", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0597" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0598/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2016-0598", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0598" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3805/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3805", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3805" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3477/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3477", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3477" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3521/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3521", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3521" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4772/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4772", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4772" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5483/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5483", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5483" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "** REJECT **\tDO NOT USE THIS CANDIDATE NUMBER.\tConsultIDs: CVE-2017-3600.\tReason: This candidate is a reservation duplicate of CVE-2017-3600.\tNotes: All CVE users should reference CVE-2017-3600 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3302/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3302", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3302" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6491/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6491", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6491" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2430/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2430", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2430" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2431/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2431", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2014-2431" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4800/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4800", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4800" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2015-4802/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4802", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4802" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0608/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0608", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0608" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", 
+ "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0609/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0609", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0609" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4819/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4819", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4819" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4826/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4826", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4826" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0384/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0384", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0384" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.", + "recommendation": "Update to 
5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-7440/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-7440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7440" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3793/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3793", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3793" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier 
allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0224/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0224", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0224" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3809/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2013-3809", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3809" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5860/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5860", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5860" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6551/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6551", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6551" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6555/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6555", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6555" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } 
+ ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6530/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6530", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6530" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3238/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3238", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3238" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3243/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3243", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3243" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 4.4 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10379/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10379", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10379" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10384/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10384", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10384" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0507/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0507", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0507" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0412/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0412", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0412" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server 
component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0420/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0420", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0420" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4769/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4769", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4769" + }, + 
"ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4771/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4771", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4771" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2573/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2015-2573", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2573" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6568/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6568", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6568" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": 
"false" + } + ] + }, + { + "bom-ref": "CVE-2014-8275/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-8275", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8275" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6564/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6564", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6564" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": 
"pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0205/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0205", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0205" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0401/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0401", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0401" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and 
earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3313/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3313", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3313" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. 
CVSS v3.0 Base Score 4.7 (Confidentiality impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3317/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3317", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3317" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 4.0 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3464/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3464", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3464" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3600/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3600", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3600" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6494/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6494", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6494" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6495/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6495", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6495" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + 
"description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4730/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4730", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4730" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4766/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4766", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4766" + }, + "ratings": [ + { + "score": 5.0, + "severity": 
"medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4792/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4792", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4792" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2432/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2432", + 
"source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2432" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3244/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3244", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3244" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3258/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3258", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3258" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3265/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3265", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3265" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0503/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0503", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0503" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4830/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4830", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4830" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle 
MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4833/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4833", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4833" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4836/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4836", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4836" + }, + "ratings": [ + { + "score": 5.0, + "severity": 
"medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4000/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4000", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4000" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + 
{ + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0666/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0666", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0666" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-2047/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-2047", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2047" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"/CN=\" string in a field in a certificate, as demonstrated 
by \"/OU=/CN=bar.com/CN=foo.com.\"", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6463/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6463", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6463" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6464/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6464", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6464" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in 
Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0433/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0433", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0433" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6559/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6559", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6559" + }, + "ratings": [ + { + "score": 5.0, + "severity": 
"medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2021-2478/pkg:npm/mysql@2.18.1", + "id": "CVE-2021-2478", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-2478" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MySQL is a multi-user, multi-threaded SQL database server. 
It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.30).\n\nSecurity Fix(es):\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607, CVE-2022-21301, CVE-2022-21413)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2021-2481, CVE-2021-35575, CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21253, CVE-2022-21254, CVE-2022-21264, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342, CVE-2022-21351, CVE-2022-21370, CVE-2022-21378, CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479, CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21569, CVE-2022-21265)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2021-35546, CVE-2022-21344, CVE-2022-21415)\n\n* mysql: Server: Error Handling unspecified vulnerability (CVE-2021-35596)\n\n* mysql: C API unspecified vulnerability (CVE-2021-35597)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2021-35602, CVE-2021-35630, CVE-2022-21515)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2021-35604, CVE-2022-21302, CVE-2022-21348, CVE-2022-21352, CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21517, CVE-2022-21537, CVE-2022-21539, CVE-2022-21423)\n\n* mysql: Server: Group Replication Plugin multiple unspecified vulnerabilities (CVE-2021-35608, CVE-2022-21256, CVE-2022-21379, 
CVE-2022-21454)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2021-35622, CVE-2022-21358, CVE-2022-21372, CVE-2022-21538)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2021-35624, CVE-2022-21245, CVE-2021-35625)\n\n* mysql: Server: GIS unspecified vulnerability (CVE-2021-35631)\n\n* mysql: Server: Data Dictionary unspecified vulnerability (CVE-2021-35632)\n\n* mysql: Server: PS unspecified vulnerability (CVE-2021-35637)\n\n* mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CVE-2021-35639, CVE-2022-21303, CVE-2022-21522, CVE-2022-21534)\n\n* mysql: Server: FTS multiple unspecified vulnerabilities (CVE-2021-35648, CVE-2022-21427)\n\n* mysql: Server: Federated multiple unspecified vulnerabilities (CVE-2022-21270, CVE-2022-21547)\n\n* mysql: Server: Parser unspecified vulnerability (CVE-2022-21304)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2022-21362, CVE-2022-21374)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2022-21367)\n\n* mysql: Server: Components Services unspecified vulnerability (CVE-2022-21368)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2022-21425, CVE-2022-21444, CVE-2021-35640, CVE-2022-21249)\n\n* mysql: Server: PAM Auth Plugin unspecified vulnerability (CVE-2022-21457)\n\n* mysql: Server: Logging multiple unspecified vulnerabilities (CVE-2022-21460, CVE-2021-35633)\n\n* mysql: Server: Security: Roles unspecified vulnerability (CVE-2021-35623)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Rebuild mecab due to change in the suffix (from .el8 to .el8.0.0) [Rocky Linux-8] (BZ#2110940)", + "recommendation": "Update to 8.0.30 or later", + "advisories": [ + { + "title": "vendor", + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2122604" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "8.0.30", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5891/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5891", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5891" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3653/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3653", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3653" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: 
Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3811/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3811", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3811" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + 
], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3812/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3812", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3812" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2582/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2582", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2582" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + 
"version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2611/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2611", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2611" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0650/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0650", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0650" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0651/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0651", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0651" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-1789/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-1789", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1789" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as 
demonstrated by an attack against a server that supports client authentication with a custom verification callback.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-1793/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-1793", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1793" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0430/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0430", + "source": { 
+ "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0430" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2451/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2451", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2451" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + 
"bom-ref": "CVE-2014-2442/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2442", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2442" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2444/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2444", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2444" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { 
+ "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4287/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4287", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4287" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2023-21977/pkg:npm/mysql@2.18.1", + "id": "CVE-2023-21977", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21977" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://www.oracle.com/security-alerts/cpuapr2023.html" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5894/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5894", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5894" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0381/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0381", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0381" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified 
vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3291/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3291", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3291" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. 
CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3312/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3312", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3312" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. 
CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2568/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2568", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2568" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2571/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2571", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2571" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2648/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2648" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2661/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2661", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2661" + }, + "ratings": [ + { + 
"score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4233/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4233", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4233" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4238/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4238", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2014-4238" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0427/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0427", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0427" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2017-3318/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3318", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3318" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4895/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4895", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4895" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 
or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4904/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4904", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4904" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4905/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4905", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4905" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : 
DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-18589/pkg:npm/cookie@0.5.0", + "id": "CVE-2017-18589", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18589" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [ + 20 + ], + "description": "# Improper Input Validation in cookie\nAffected versions of this crate use the time crate and the method Duration::seconds to parse the Max-Age duration cookie setting. 
This method will panic if the value is greater than 2^64/1000 and less than or equal to 2^64, which can result in denial of service for a client or server.\n\nThis flaw was corrected by explicitly checking for the Max-Age being in this integer range and clamping the value to the maximum duration value.\n\n## Related CVE(s)\nCVE-2017-18589, RUSTSEC-2017-0005", + "recommendation": "Update to 0.7.6 or later", + "advisories": [ + { + "title": "GitHub PR", + "url": "https://github.com/SergioBenitez/cookie-rs/pull/86" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/express@4.18.2\", \"pkg:npm/cookie@0.5.0\"]" + }, + "affects": [ + { + "ref": "pkg:npm/cookie@0.5.0", + "versions": [ + { + "version": "0.5.0", + "status": "affected" + }, + { + "version": "0.7.6", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Indirect dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2434/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2434", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2434" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": 
"false" + } + ] + }, + { + "bom-ref": "CVE-2015-2576/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2576", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2576" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-0735/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-0735", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735" + }, + "ratings": [ + { + "score": 5.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [ + 327 + ], + "description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", + "recommendation": "", + "advisories": [ + { + "title": "Mailing List", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" + }, + { + "title": "vendor", + "url": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "title": "Debian Security", + "url": "https://www.debian.org/security/2018/dsa-4348" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3840-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4866/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4866", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4866" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2015-4870/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4870", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4870" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0411/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0411", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0411" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + 
"name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0423/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0423", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0423" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2020-14672/pkg:npm/mysql@2.18.1", + "id": "CVE-2020-14672", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14672" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\nThe following packages have been upgraded to a later upstream version: mysql (8.0.26). 
(BZ#1996693)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "recommendation": "Update to 8.0.26 or later", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35629.json" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "8.0.26", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2639/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2639", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2639" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2641/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2015-2641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2641" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2643/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2643", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2643" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0437/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0437", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0437" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3795/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3795", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3795" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": 
"5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3796/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3796", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3796" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3802/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3802", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3802" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", 
\"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3804/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3804", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3804" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3651/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3651", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3651" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3652/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3652", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3652" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0642/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0642", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0642" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0643/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0643", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0643" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability 
in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-1861/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-1861", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1861" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct 
dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3783/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3783", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3783" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3309/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3309", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3309" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3329/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3329", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3329" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0508/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0508", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0508" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2438/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2438", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2438" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4214/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4214", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4214" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4910/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4910", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4910" + }, + "ratings": [ + { + "score": 5.0, + 
"severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4913/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4913", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4913" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2617/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2617", + 
"source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2617" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2620/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2620", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2620" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0206/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0206", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0206" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0374/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0374", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0374" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + 
"version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0441/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0441", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0441" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3061/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3061", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3061" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3725-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3801/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3801", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3801" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + 
"bom-ref": "CVE-2016-0644/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0644", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0644" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0646/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0646", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0646" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": 
"5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3453/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3453", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3453" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3456/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3456", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3456" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3461/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3461", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3461" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3570/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3570", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3570" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10268/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10268", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2017-10268" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10378/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10378", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10378" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6520/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6520", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6520" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4274/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4274", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2014-4274" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-9843/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-9843", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9843" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", + "recommendation": "Update to 5.5.62-0.39.18.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.62-0.39.18.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2018-3133/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3133", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3133" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.62-0.39.18.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.62-0.39.18.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2440/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2440" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", + "recommendation": "Update to 
5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3641/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3641" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3648/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3648" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6496/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6496", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6496" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3807/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3807", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3807" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + 
"description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3808/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3808", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3808" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4258/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4258", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2014-4258" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4260/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4260", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4260" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0511/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0511", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0511" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2305/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2305", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2305" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": 
"2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2450/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2450", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2450" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0616/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0616", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0616" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0432/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0432", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0432" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4862/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4862", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4862" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + 
"state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4864/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4864", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4864" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5584/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5584", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5584" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors 
related to Server: Security: Encryption.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-6662/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-6662", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6662" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. 
Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3806/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3806", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3806" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3798/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3798", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3798" + }, + "ratings": [ + { + "score": 5.0, + "severity": 
"medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0385/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0385", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0385" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0391/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0391", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-0391" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6505/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6505" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2014-6507/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6507", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6507" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0386/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0386", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0386" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + 
"properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0393/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0393", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0393" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2484/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2484", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2484" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": 
"pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2494/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2494", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2494" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3615/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3615", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3615" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + 
"advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5440/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5440" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6489/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6489", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6489" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier 
allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6500/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6500", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6500" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5611/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5611", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5611" + }, + "ratings": [ + { + "score": 5.0, + 
"severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5612/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5612", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5612" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5613/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5613", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5613" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. 
NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6478/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6478", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6478" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6484/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6484", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6484" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2419/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2419", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2419" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0431/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0431", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0431" + }, + "ratings": [ + { + "score": 
2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0433/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0433", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0433" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5908/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2013-5908", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5908" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0001/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0001", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0001" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": 
"Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4240/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4240", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4240" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0382/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0382", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0382" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + 
"version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2021-35065/pkg:npm/glob-parent@5.1.2", + "id": "CVE-2021-35065", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The glob-parent package before 6.0.1 for Node.js allows ReDoS regular ...\nNOTE: https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339 (v6.0.1)\nNOTE: https://github.com/gulpjs/glob-parent/pull/49", + "recommendation": "Update to 6.0.2+~5.1.1-1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/chokidar@3.5.3\", \"pkg:npm/glob-parent@5.1.2\"]" + }, + "affects": [ + { + "ref": "pkg:npm/glob-parent@5.1.2", + "versions": [ + { + "version": "5.1.2", + "status": "affected" + }, + { + "version": "6.0.2+~5.1.1-1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Indirect dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-3152/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-3152", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3152" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a \"BACKRONYM\" attack.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + 
"analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4737/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4737", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4737" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4858/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4858", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4858" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability 
via vectors related to DML, a different vulnerability than CVE-2015-4913.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4861/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4861", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4861" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0286/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0286", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0286" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The 
ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0288/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0288", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0288" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + 
"value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0498/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0498", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0498" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + } + ] +} \ No newline at end of file diff --git a/server/reports/report_20231220090218531.json b/server/reports/report_20231220090218531.json new file mode 100644 index 000000000..3133204f7 --- /dev/null +++ b/server/reports/report_20231220090218531.json 
@@ -0,0 +1,15601 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:bad3f3a8-3268-4100-ace3-4d36348246ee", + "version": 2, + "metadata": { + "timestamp": "2023-12-20T09:02:14.883Z", + "tools": { + "components": [ + { + "group": "@cyclonedx", + "name": "cdxgen", + "version": "9.9.6", + "purl": "pkg:npm/%40cyclonedx/cdxgen@9.9.6", + "type": "application", + "bom-ref": "pkg:npm/@cyclonedx/cdxgen@9.9.6", + "author": "OWASP Foundation", + "publisher": "OWASP Foundation" + }, + { + "type": "application", + "name": "owasp-depscan", + "version": "5.0.4", + "purl": "pkg:pypi/owasp-depscan@5.0.4", + "bom-ref": "pkg:pypi/owasp-depscan@5.0.4" + } + ] + }, + "authors": [ + { + "name": "OWASP Foundation" + } + ], + "component": { + "author": "", + "group": "", + "name": "server", + "version": "1.0.0", + "type": "application", + "purl": "pkg:npm/server@1.0.0", + "bom-ref": "pkg:npm/server@1.0.0", + "components": [] + } + }, + "components": [ + { + "group": "", + "name": "cors", + "version": "2.8.5", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "2881db2c9aaeef7446aff8676eb3bdb817a2c4d1aebd2423ba5fe3745bd2fca152207d615957759e0ef3387c7e62b11f2272c6eeae27e861d0f5c0edc6ffcfea" + } + ], + "purl": "pkg:npm/cors@2.8.5", + "type": "library", + "bom-ref": "pkg:npm/cors@2.8.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "cors" + } + ] + }, + { + "group": "", + "name": "object-assign", + "version": "4.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac98134279149c7d6c170f324fa552537cc3dec5a6bbab19848b1e63c557f8646edcfe85ec5bbe24d0e85df9251256cb2529dcdc55101d57b8714e618fe05c52" + } + ], + "purl": "pkg:npm/object-assign@4.1.1", + "type": "library", + "bom-ref": "pkg:npm/object-assign@4.1.1", + "properties": [ + { + "name": "SrcFile", + "value": 
"/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "vary", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" + } + ], + "purl": "pkg:npm/vary@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/vary@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "express", + "version": "4.18.2", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7f3ec2fa8863dd7d0fe528cd54ba27a5620bf7054a097f3d5a53053dbc767e27b832bf07505c510120421ac5e19fd0621cade013372044c6d6a58ac0dbb8ca9" + } + ], + "purl": "pkg:npm/express@4.18.2", + "type": "framework", + "bom-ref": "pkg:npm/express@4.18.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "express" + } + ] + }, + { + "group": "", + "name": "accepts", + "version": "1.3.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "type": "library", + "bom-ref": "pkg:npm/accepts@1.3.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime-types", + "version": "2.1.35", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" + } + ], + "purl": 
"pkg:npm/mime-types@2.1.35", + "type": "library", + "bom-ref": "pkg:npm/mime-types@2.1.35", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime-db", + "version": "1.52.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "type": "library", + "bom-ref": "pkg:npm/mime-db@1.52.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "negotiator", + "version": "0.6.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "type": "library", + "bom-ref": "pkg:npm/negotiator@0.6.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "array-flatten", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/array-flatten@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "body-parser", + "version": "1.20.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"8d68bb69b4db6306a33b2b56090737ed5ba599689169ee51c93a5a0b20dc4b9fe531db704b3e653a90c4ebbb2bc3f1d87b7e5fd73ddf0d0c3ededc60ee036d5b" + } + ], + "purl": "pkg:npm/body-parser@1.20.1", + "type": "library", + "bom-ref": "pkg:npm/body-parser@1.20.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "bytes", + "version": "3.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "type": "library", + "bom-ref": "pkg:npm/bytes@3.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "content-type", + "version": "1.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "type": "library", + "bom-ref": "pkg:npm/content-type@1.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "debug", + "version": "2.6.9", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "purl": "pkg:npm/debug@2.6.9", + "type": "library", + "bom-ref": "pkg:npm/debug@2.6.9", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": "2.0.0", + 
"scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "purl": "pkg:npm/ms@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/ms@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "depd", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" + } + ], + "purl": "pkg:npm/depd@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/depd@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "destroy", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/destroy@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "http-errors", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/http-errors@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "inherits", + "version": "2.0.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "93fbc6697e3f6256b75b3c8c0af4d039761e207bea38ab67a8176ecd31e9ce9419cc0b2428c859d8af849c189233dcc64a820578ca572b16b8758799210a9ec1" + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "type": "library", + "bom-ref": "pkg:npm/inherits@2.0.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "setprototypeof", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/setprototypeof@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "statuses", + "version": "2.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "type": "library", + "bom-ref": "pkg:npm/statuses@2.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "toidentifier", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/toidentifier@1.0.1", + "properties": [ + { + "name": "SrcFile", + 
"value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "iconv-lite", + "version": "0.4.24", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "type": "library", + "bom-ref": "pkg:npm/iconv-lite@0.4.24", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "safer-buffer", + "version": "2.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "type": "library", + "bom-ref": "pkg:npm/safer-buffer@2.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "on-finished", + "version": "2.4.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "type": "library", + "bom-ref": "pkg:npm/on-finished@2.4.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ee-first", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" + } + ], + "purl": 
"pkg:npm/ee-first@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/ee-first@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "qs", + "version": "6.11.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" + } + ], + "purl": "pkg:npm/qs@6.11.0", + "type": "library", + "bom-ref": "pkg:npm/qs@6.11.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "side-channel", + "version": "1.0.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab95cfcada85108287906762308ad8d749af2d1be7421e36ffe1a8065156ddbd8b5cb136c71269645766f78c1ed016a85774702721aa839c12edea714efd19bf" + } + ], + "purl": "pkg:npm/side-channel@1.0.4", + "type": "library", + "bom-ref": "pkg:npm/side-channel@1.0.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "call-bind", + "version": "1.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b79d0c5f159c45455a09a0628a23ccb730e128d76f4d43e160434f22c9ef8c938ccd65919d8dfb34e9b553afe0c14a503ae90d9511c3248bf71408fe127ab71" + } + ], + "purl": "pkg:npm/call-bind@1.0.5", + "type": "library", + "bom-ref": "pkg:npm/call-bind@1.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "function-bind", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" + } + ], + "purl": "pkg:npm/function-bind@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/function-bind@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "get-intrinsic", + "version": "1.2.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d204a8e2697fd23f7c637967824144a2dff386209e5ac6d822567eb993958332f22da530ef0c542fe9c24cfd1726f260d405ee949448dd4262f06b1b0eec5d18" + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.2", + "type": "library", + "bom-ref": "pkg:npm/get-intrinsic@1.2.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-proto", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "eea13e88ff8ef9b805f5c944e7e528045cc4eb99a5062563ded282ae5350d0e8309b4063a53fe02b84a52d80ccc9b0e1e48dd30932a73cf6b4a0c1bb24362b86" + } + ], + "purl": "pkg:npm/has-proto@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/has-proto@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-symbols", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/has-symbols@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + 
"name": "hasown", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd4a6d2954e920985c7332816e09d2f91b5cb98301f3ea0dccf2b6fc7a7785a9f3f099a90137669a02e049a69d5511240e6f9eda0887c18dd9464ca34880c314" + } + ], + "purl": "pkg:npm/hasown@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/hasown@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "set-function-length", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5686aa8db0492a25ad838c9170a050ee0ef09c69cb57733ca0bbd55b03a4d8f75863a3c415e811d6f7b35d1d2dc3a7d9185f5cb156a42118eb262cb6bde48115" + } + ], + "purl": "pkg:npm/set-function-length@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/set-function-length@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "define-data-property", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "13bb86913ce49357740722de49ce99b054bbf40c60fa6d4ffd5b2062cc47822b9cded1528fe323308c1ef74142e25380673341758ee490ed8fdb029db10d6f81" + } + ], + "purl": "pkg:npm/define-data-property@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/define-data-property@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "gopd", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" + } + ], + "purl": "pkg:npm/gopd@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/gopd@1.0.1", + "properties": [ + { + "name": 
"SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-property-descriptors", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "56c5fc79a21ec2f6acd319ef8a701ef5bc3859f21e383a466229225982c7f9d99ad09c3a28762a5a259f8509603952bc0fa3ef8ee6cae547383f488884870d56" + } + ], + "purl": "pkg:npm/has-property-descriptors@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/has-property-descriptors@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "object-inspect", + "version": "1.13.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" + } + ], + "purl": "pkg:npm/object-inspect@1.13.1", + "type": "library", + "bom-ref": "pkg:npm/object-inspect@1.13.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "raw-body", + "version": "2.5.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa241b44c95812d1998f19d0853d627716b7a8aaf1b83154259ff902805ece96af7921b3a9d3f056c8cc1b76d9f8553be433c63b921090d97824fed72b0978a" + } + ], + "purl": "pkg:npm/raw-body@2.5.1", + "type": "library", + "bom-ref": "pkg:npm/raw-body@2.5.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "unpipe", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/unpipe@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "type-is", + "version": "1.6.18", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "type": "library", + "bom-ref": "pkg:npm/type-is@1.6.18", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "media-typer", + "version": "0.3.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "type": "library", + "bom-ref": "pkg:npm/media-typer@0.3.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "content-disposition", + "version": "0.5.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "type": "library", + "bom-ref": "pkg:npm/content-disposition@0.5.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + 
"name": "safe-buffer", + "version": "5.2.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "type": "library", + "bom-ref": "pkg:npm/safe-buffer@5.2.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "cookie", + "version": "0.5.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "619dc65329ffa3c81f289967957ee0ef1ab88323ba392ba118f29a686b2c181daa803512d203e0b53be8c992d3b7d01be9d0b885f73d755e5aae4bdcfce0a6af" + } + ], + "purl": "pkg:npm/cookie@0.5.0", + "type": "library", + "bom-ref": "pkg:npm/cookie@0.5.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "cookie-signature", + "version": "1.0.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "type": "library", + "bom-ref": "pkg:npm/cookie-signature@1.0.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "encodeurl", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/encodeurl@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": 
"/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "escape-html", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/escape-html@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "etag", + "version": "1.8.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" + } + ], + "purl": "pkg:npm/etag@1.8.1", + "type": "library", + "bom-ref": "pkg:npm/etag@1.8.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "finalhandler", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/finalhandler@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "parseurl", + "version": "1.3.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "type": "library", + 
"bom-ref": "pkg:npm/parseurl@1.3.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fresh", + "version": "0.5.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "type": "library", + "bom-ref": "pkg:npm/fresh@0.5.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "merge-descriptors", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/merge-descriptors@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "methods", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" + } + ], + "purl": "pkg:npm/methods@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/methods@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "path-to-regexp", + "version": "0.1.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "type": "library", + "bom-ref": "pkg:npm/path-to-regexp@0.1.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "proxy-addr", + "version": "2.0.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "type": "library", + "bom-ref": "pkg:npm/proxy-addr@2.0.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "forwarded", + "version": "0.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "type": "library", + "bom-ref": "pkg:npm/forwarded@0.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ipaddr.js", + "version": "1.9.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "type": "library", + "bom-ref": "pkg:npm/ipaddr.js@1.9.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": 
"range-parser", + "version": "1.2.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "type": "library", + "bom-ref": "pkg:npm/range-parser@1.2.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "send", + "version": "0.18.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" + } + ], + "purl": "pkg:npm/send@0.18.0", + "type": "library", + "bom-ref": "pkg:npm/send@0.18.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": "2.1.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e85973b9b4cb646dc9d9afcd542025784863ceae68c601f268253dc985ef70bb2fa1568726afece715c8ebf5d73fab73ed1f7100eb479d23bfb57b45dd645394" + } + ], + "purl": "pkg:npm/ms@2.1.3", + "type": "library", + "bom-ref": "pkg:npm/ms@2.1.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime", + "version": "1.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" + } + ], + "purl": "pkg:npm/mime@1.6.0", + "type": "library", + "bom-ref": "pkg:npm/mime@1.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study 
Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "serve-static", + "version": "1.15.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "type": "library", + "bom-ref": "pkg:npm/serve-static@1.15.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "utils-merge", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/utils-merge@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fs", + "version": "0.0.1-security", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd763d7b5a4fd02544502763e4199f219c51053483c9c9dbaa120e19e73d418b66547d9f6cba63f3a0855a4acd3a4b7f16fb72e0a646e654e094bf63fe027cef" + } + ], + "purl": "pkg:npm/fs@0.0.1-security", + "type": "library", + "bom-ref": "pkg:npm/fs@0.0.1-security", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "fs" + } + ] + }, + { + "group": "", + "name": "multer", + "version": "1.4.5-lts.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb03d6bdc0cc787fb3f6042ae6a607082cbe7ad86c9388287a9678e462c3eb77cebb461c35e710c62eb89c3b37aa5b9907e9aeac6dff0f8749efe74672d70241" + } + ], + 
"purl": "pkg:npm/multer@1.4.5-lts.1", + "type": "library", + "bom-ref": "pkg:npm/multer@1.4.5-lts.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "append-field", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "925a6015258b5b5644b3cb2f8df6fb838a96634612e62988f3675383e41a854bc9f18a806343f5d1493cb53ca1f591ae60464431a789602179045b97e79da1b3" + } + ], + "purl": "pkg:npm/append-field@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/append-field@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "busboy", + "version": "1.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f121506e0ff4850f71cb750d4c1d18127b0d05b59f85fed1b67ce92fb4e40624c145fad0f45c5c9f3ed526c95e269ca9eab54bbd78ae391aa39478b9abe3d8b8" + } + ], + "purl": "pkg:npm/busboy@1.6.0", + "type": "library", + "bom-ref": "pkg:npm/busboy@1.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "streamsearch", + "version": "1.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "31c739c077a1a7d697cf56b1e9b654c98e5a7e0f6edabbf972a408de646b624182f2b5b684cd368d6bb08ed2fef8b4b9aa29d2ca18f641f2f236cb9cf95b04c6" + } + ], + "purl": "pkg:npm/streamsearch@1.1.0", + "type": "library", + "bom-ref": "pkg:npm/streamsearch@1.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "concat-stream", + "version": "1.6.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"dbb1c18212718e266d224dd872f9ffe246c993fd6e66e2457ee3c49ece8b684be9bc6d5fd214de6bc96296ba2eca8f6655cd8659d70467c38ba0699200396b0b" + } + ], + "purl": "pkg:npm/concat-stream@1.6.2", + "type": "library", + "bom-ref": "pkg:npm/concat-stream@1.6.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "buffer-from", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" + } + ], + "purl": "pkg:npm/buffer-from@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/buffer-from@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "readable-stream", + "version": "2.3.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" + } + ], + "purl": "pkg:npm/readable-stream@2.3.8", + "type": "library", + "bom-ref": "pkg:npm/readable-stream@2.3.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "safe-buffer", + "version": "5.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" + } + ], + "purl": "pkg:npm/safe-buffer@5.1.2", + "type": "library", + "bom-ref": "pkg:npm/safe-buffer@5.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "core-util-is", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" + } + ], + "purl": "pkg:npm/core-util-is@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/core-util-is@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "isarray", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" + } + ], + "purl": "pkg:npm/isarray@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/isarray@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "process-nextick-args", + "version": "2.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" + } + ], + "purl": "pkg:npm/process-nextick-args@2.0.1", + "type": "framework", + "bom-ref": "pkg:npm/process-nextick-args@2.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "string_decoder", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" + } + ], + "purl": "pkg:npm/string_decoder@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/string_decoder@1.1.1", + 
"properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "util-deprecate", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f0f9ab5b97c85c49a42acb9c27359c79eade039ae83641a1c008888d93692080ed5089d5424331a802cc891736c5187c3d5d68afff2d3110f318886eb1ed73" + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/util-deprecate@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "typedarray", + "version": "0.0.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fda0831066ad1af67604893e1e62dfe227c2245c2f28535bf7f25e64f32e95f805ada727f5015c01fe463bc07f9b07948d2a1b952e489f471686aa5fb3fe4f40" + } + ], + "purl": "pkg:npm/typedarray@0.0.6", + "type": "library", + "bom-ref": "pkg:npm/typedarray@0.0.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mkdirp", + "version": "0.5.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" + } + ], + "purl": "pkg:npm/mkdirp@0.5.6", + "type": "library", + "bom-ref": "pkg:npm/mkdirp@0.5.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "minimist", + "version": "1.2.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "db2c8047ca8190ddd8ba17896a7529582e54ddb6f9a2c0f2c0d07c4730d5943c031dba1c009bdeaaa8f5bbcf92543ee39164f8cafb070a95aaa96a80c5bd3308" + } + ], + 
"purl": "pkg:npm/minimist@1.2.8", + "type": "library", + "bom-ref": "pkg:npm/minimist@1.2.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "xtend", + "version": "4.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "2ca614d620172575200179fd5118e2bbe3168725171ecbdfa7b99cb989bd75250a2b4fc28edad4c050310fcdbf98259bb4bb068c521a774c08b28778ceb4c011" + } + ], + "purl": "pkg:npm/xtend@4.0.2", + "type": "library", + "bom-ref": "pkg:npm/xtend@4.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mysql", + "version": "2.18.1", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "05c6be824d985a6aa9d947fa93934512eaf063fd2d77472979b02e705a58ff78e1af0ad51aec54dae4050878d4d7d4897e37b4c90be2fab55676aefc851e658a" + } + ], + "purl": "pkg:npm/mysql@2.18.1", + "type": "library", + "bom-ref": "pkg:npm/mysql@2.18.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "mysql" + } + ] + }, + { + "group": "", + "name": "readable-stream", + "version": "2.3.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "11b868f0ae2321b1c0c67bb18bba38d8ead9805fd94cd72c663ea744ac949a484b16af021c8b69fdfcba85066e6663ff9f7c99f550546e9e33cff997f219983f" + } + ], + "purl": "pkg:npm/readable-stream@2.3.7", + "type": "library", + "bom-ref": "pkg:npm/readable-stream@2.3.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "bignumber.js", + "version": "9.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + 
"content": "b7f398861276483f9818141c8d8f06cf30c7124f5fde77abc63b5f6bab653177deedfaecfd6a3386f08da06be93343f76cd7f71aae5944c946af97f7af8fcdf0" + } + ], + "purl": "pkg:npm/bignumber.js@9.0.0", + "type": "library", + "bom-ref": "pkg:npm/bignumber.js@9.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "sqlstring", + "version": "2.3.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2803387feddc481b9fae0e2935cff45dd6f962d3edfc8b36611b349adf817047b21b7a53d608229234897c8e52ff17b111bf2f020768cd78cd44f62f665cc01" + } + ], + "purl": "pkg:npm/sqlstring@2.3.1", + "type": "library", + "bom-ref": "pkg:npm/sqlstring@2.3.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "nodemon", + "version": "3.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f6a20dd8b353ac4ce938f05a5874e6e00b32d4bc572d289c9194ad010e0865eef3b282290ff03b2d6c61655dede19bb7e76b8172a56746c0d748c47649cde54c" + } + ], + "purl": "pkg:npm/nodemon@3.0.2", + "type": "library", + "bom-ref": "pkg:npm/nodemon@3.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "debug", + "version": "4.3.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" + } + ], + "purl": "pkg:npm/debug@4.3.4", + "type": "library", + "bom-ref": "pkg:npm/debug@4.3.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": 
"2.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "purl": "pkg:npm/ms@2.1.2", + "type": "library", + "bom-ref": "pkg:npm/ms@2.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "chokidar", + "version": "3.5.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ebdec7ca44fea84dc8dfd8999498525f79532f5c175e83107489543979bd95d74b852540804bc381c9975503255bf315cdcf71a38d3823f642d6b194ea13a93" + } + ], + "purl": "pkg:npm/chokidar@3.5.3", + "type": "library", + "bom-ref": "pkg:npm/chokidar@3.5.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "anymatch", + "version": "3.1.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" + } + ], + "purl": "pkg:npm/anymatch@3.1.3", + "type": "library", + "bom-ref": "pkg:npm/anymatch@3.1.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "normalize-path", + "version": "3.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9e66ce4bb375ad0a2b075a9f52d86532f1daa4a468b80554b3dc66aa884e9ecee6f4e75d844b3b57530501e82e8829b4246363e76ff983e166288c24707302c" + } + ], + "purl": "pkg:npm/normalize-path@3.0.0", + "type": "library", + "bom-ref": "pkg:npm/normalize-path@3.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study 
Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "picomatch", + "version": "2.3.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "254ded7874cd8e6136542185cee63c117cc20d5c04a81d9af1fb08bf0692b4784058911e55dd68d500fcd0253af997445d748b6d2b2e2f0263902056a9141454" + } + ], + "purl": "pkg:npm/picomatch@2.3.1", + "type": "library", + "bom-ref": "pkg:npm/picomatch@2.3.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "braces", + "version": "3.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fcba6f8bd51cccdd60d2cef866ea0233d727d36c1b7a61395c10a02fb26a82659170e3acfadba9558fd8f5c843d6df71f91fe94142964c3f593c97eefc1dad0" + } + ], + "purl": "pkg:npm/braces@3.0.2", + "type": "library", + "bom-ref": "pkg:npm/braces@3.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fill-range", + "version": "7.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" + } + ], + "purl": "pkg:npm/fill-range@7.0.1", + "type": "library", + "bom-ref": "pkg:npm/fill-range@7.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "to-regex-range", + "version": "5.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" + } + ], + "purl": "pkg:npm/to-regex-range@5.0.1", + "type": "library", + "bom-ref": 
"pkg:npm/to-regex-range@5.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-number", + "version": "7.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" + } + ], + "purl": "pkg:npm/is-number@7.0.0", + "type": "library", + "bom-ref": "pkg:npm/is-number@7.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "glob-parent", + "version": "5.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "type": "library", + "bom-ref": "pkg:npm/glob-parent@5.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-glob", + "version": "4.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e9526b21c7dfa66013b6568658bba56df884d6cd97c3a3bf92959a4243e2105d0f7b61f137e4f6f61ab0b33e99758e6611648197f184b4a7af046be1e9524a" + } + ], + "purl": "pkg:npm/is-glob@4.0.3", + "type": "library", + "bom-ref": "pkg:npm/is-glob@4.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-extglob", + "version": "2.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" + } + ], + "purl": "pkg:npm/is-extglob@2.1.1", + "type": "library", + "bom-ref": "pkg:npm/is-extglob@2.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-binary-path", + "version": "2.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" + } + ], + "purl": "pkg:npm/is-binary-path@2.1.0", + "type": "library", + "bom-ref": "pkg:npm/is-binary-path@2.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "binary-extensions", + "version": "2.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "8c372d27f21541b6682729287876e15e93a5341a8635cc1724a268838d84e470cf53041349d8c21dd8a18e3d0396785e43b6e56d3e9d1ce69f340892f28a1028" + } + ], + "purl": "pkg:npm/binary-extensions@2.2.0", + "type": "library", + "bom-ref": "pkg:npm/binary-extensions@2.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "readdirp", + "version": "3.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" + } + ], + "purl": "pkg:npm/readdirp@3.6.0", + "type": "library", + "bom-ref": "pkg:npm/readdirp@3.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "fsevents", + "version": "2.3.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" + } + ], + "purl": "pkg:npm/fsevents@2.3.3", + "type": "library", + "bom-ref": "pkg:npm/fsevents@2.3.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ignore-by-default", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "22eb36558706364ed3f740a9a49a9c2244b9a281d46722102be0a565f31f30d14417d55213bdc5abef74eaefc25aef76c7883364c58ec1f1587243ce6f37446c" + } + ], + "purl": "pkg:npm/ignore-by-default@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/ignore-by-default@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "minimatch", + "version": "3.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "type": "library", + "bom-ref": "pkg:npm/minimatch@3.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "brace-expansion", + "version": "1.1.11", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "type": "library", + "bom-ref": "pkg:npm/brace-expansion@1.1.11", + "properties": [ + { 
+ "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "balanced-match", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" + } + ], + "purl": "pkg:npm/balanced-match@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/balanced-match@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "concat-map", + "version": "0.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" + } + ], + "purl": "pkg:npm/concat-map@0.0.1", + "type": "library", + "bom-ref": "pkg:npm/concat-map@0.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "pstree.remy", + "version": "1.1.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "efb0d9c31426c4a9eedda479e3653e5fc172a4dcdb7c9f82e57403937b968d6c67eb5e75688306b615984574ea4f5139a09be0fa58da6b63898be55fbc2390f3" + } + ], + "purl": "pkg:npm/pstree.remy@1.1.8", + "type": "library", + "bom-ref": "pkg:npm/pstree.remy@1.1.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "semver", + "version": "7.5.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5b09211257a3effa2db51efa71a770f1fa9483f2520fb7cb958d1af1014b7f9dbb3061cfad2ba6366ed8942e3778f9f9ead793d7fa7a900c2ece7eded693070" + } + ], + "purl": 
"pkg:npm/semver@7.5.4", + "type": "library", + "bom-ref": "pkg:npm/semver@7.5.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "lru-cache", + "version": "6.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "268e9d274e029928eece7c09492de951e5a677f1f47df4e59175e0c198be7aad540a6a90c0287e78bb183980b063df758b615a878875044302c78a938466ec88" + } + ], + "purl": "pkg:npm/lru-cache@6.0.0", + "type": "library", + "bom-ref": "pkg:npm/lru-cache@6.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "yallist", + "version": "4.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "df074689d672ab93c1d3ce172c44b94e9392440df08d7025216321ba6da445cbffe354a7d9e990d1dc9c416e2e6572de8f02af83a12cbdb76554bf8560472dec" + } + ], + "purl": "pkg:npm/yallist@4.0.0", + "type": "library", + "bom-ref": "pkg:npm/yallist@4.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "simple-update-notifier", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b607d6342a535797dbbfbec5bab1322ef6f184a5f2aedb0455ea5d47dd711ab3fd20508cc6cc1a0ffc8a2e4dc5106e6f495992c7dc23b1ca7d374d89456b1eb" + } + ], + "purl": "pkg:npm/simple-update-notifier@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/simple-update-notifier@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "supports-color", + "version": "5.5.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "type": "library", + "bom-ref": "pkg:npm/supports-color@5.5.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-flag", + "version": "3.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "type": "library", + "bom-ref": "pkg:npm/has-flag@3.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "touch", + "version": "3.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "581c7c532e532ed39246d22af8cd37fec283ad708b1f1c0372ab923f6738dcb7b4dfff6c7ab8d0048ced8d1cfa16425ecfd0ff8657b20174c118bc30654c3d94" + } + ], + "purl": "pkg:npm/touch@3.1.0", + "type": "library", + "bom-ref": "pkg:npm/touch@3.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "nopt", + "version": "1.0.10", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3569a9bcb4aa52b82b002f470aec44bdbf8f4a5a07a6a56ef85a9c3b879e176879a9846103b7afe8abde9724002ad7a051b0ba472a499e510e85df2f96834a62" + } + ], + "purl": "pkg:npm/nopt@1.0.10", + "type": "library", + "bom-ref": "pkg:npm/nopt@1.0.10", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "abbrev", + "version": "1.1.1", + 
"scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e77bdfc8890fe1cc8858ea97439db06dcfb0e33d32ab634d0fff3bcf4a6e69385925eb1b86ac69d79ff56d4cd35f36d01f67dff546d7a192ccd4f6a7138a2d1" + } + ], + "purl": "pkg:npm/abbrev@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/abbrev@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "undefsafe", + "version": "2.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5b138d0abb2c04cf1348f46a379126b2356bb2fe00f17d7627802b06289acafdc3cb21b7665220eb2cacbae498759b15cf74ca7138367ddfff52377808757588" + } + ], + "purl": "pkg:npm/undefsafe@2.0.5", + "type": "library", + "bom-ref": "pkg:npm/undefsafe@2.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + } + ], + "services": [], + "dependencies": [ + { + "ref": "pkg:npm/object-assign@4.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/vary@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/cors@2.8.5", + "dependsOn": [ + "pkg:npm/object-assign@4.1.1", + "pkg:npm/vary@1.1.2" + ] + }, + { + "ref": "pkg:npm/mime-db@1.52.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mime-types@2.1.35", + "dependsOn": [ + "pkg:npm/mime-db@1.52.0" + ] + }, + { + "ref": "pkg:npm/negotiator@0.6.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/accepts@1.3.8", + "dependsOn": [ + "pkg:npm/mime-types@2.1.35", + "pkg:npm/negotiator@0.6.3" + ] + }, + { + "ref": "pkg:npm/array-flatten@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/bytes@3.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/content-type@1.0.5", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/debug@2.6.9", + "dependsOn": [ + "pkg:npm/ms@2.0.0" + ] + }, + { + "ref": "pkg:npm/depd@2.0.0", + "dependsOn": [] + }, + { + 
"ref": "pkg:npm/destroy@1.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/inherits@2.0.4", + "dependsOn": [] + }, + { + "ref": "pkg:npm/setprototypeof@1.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/statuses@2.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/toidentifier@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/http-errors@2.0.0", + "dependsOn": [ + "pkg:npm/depd@2.0.0", + "pkg:npm/inherits@2.0.4", + "pkg:npm/setprototypeof@1.2.0", + "pkg:npm/statuses@2.0.1", + "pkg:npm/toidentifier@1.0.1" + ] + }, + { + "ref": "pkg:npm/safer-buffer@2.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/iconv-lite@0.4.24", + "dependsOn": [ + "pkg:npm/safer-buffer@2.1.2" + ] + }, + { + "ref": "pkg:npm/ee-first@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/on-finished@2.4.1", + "dependsOn": [ + "pkg:npm/ee-first@1.1.1" + ] + }, + { + "ref": "pkg:npm/function-bind@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/has-proto@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/has-symbols@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/hasown@2.0.0", + "dependsOn": [ + "pkg:npm/function-bind@1.1.2" + ] + }, + { + "ref": "pkg:npm/get-intrinsic@1.2.2", + "dependsOn": [ + "pkg:npm/function-bind@1.1.2", + "pkg:npm/has-proto@1.0.1", + "pkg:npm/has-symbols@1.0.3", + "pkg:npm/hasown@2.0.0" + ] + }, + { + "ref": "pkg:npm/gopd@1.0.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2" + ] + }, + { + "ref": "pkg:npm/has-property-descriptors@1.0.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2" + ] + }, + { + "ref": "pkg:npm/define-data-property@1.1.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/gopd@1.0.1", + "pkg:npm/has-property-descriptors@1.0.1" + ] + }, + { + "ref": "pkg:npm/set-function-length@1.1.1", + "dependsOn": [ + "pkg:npm/define-data-property@1.1.1", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/gopd@1.0.1", + "pkg:npm/has-property-descriptors@1.0.1" + ] + }, + { + "ref": "pkg:npm/call-bind@1.0.5", + "dependsOn": [ + 
"pkg:npm/function-bind@1.1.2", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/set-function-length@1.1.1" + ] + }, + { + "ref": "pkg:npm/object-inspect@1.13.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/side-channel@1.0.4", + "dependsOn": [ + "pkg:npm/call-bind@1.0.5", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/object-inspect@1.13.1" + ] + }, + { + "ref": "pkg:npm/qs@6.11.0", + "dependsOn": [ + "pkg:npm/side-channel@1.0.4" + ] + }, + { + "ref": "pkg:npm/unpipe@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/raw-body@2.5.1", + "dependsOn": [ + "pkg:npm/bytes@3.1.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/iconv-lite@0.4.24", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/media-typer@0.3.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/type-is@1.6.18", + "dependsOn": [ + "pkg:npm/media-typer@0.3.0", + "pkg:npm/mime-types@2.1.35" + ] + }, + { + "ref": "pkg:npm/body-parser@1.20.1", + "dependsOn": [ + "pkg:npm/bytes@3.1.2", + "pkg:npm/content-type@1.0.5", + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/destroy@1.2.0", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/iconv-lite@0.4.24", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/qs@6.11.0", + "pkg:npm/raw-body@2.5.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/safe-buffer@5.2.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/content-disposition@0.5.4", + "dependsOn": [ + "pkg:npm/safe-buffer@5.2.1" + ] + }, + { + "ref": "pkg:npm/cookie@0.5.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/cookie-signature@1.0.6", + "dependsOn": [] + }, + { + "ref": "pkg:npm/encodeurl@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/escape-html@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/etag@1.8.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/parseurl@1.3.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/finalhandler@1.2.0", + "dependsOn": [ + "pkg:npm/debug@2.6.9", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/on-finished@2.4.1", + 
"pkg:npm/parseurl@1.3.3", + "pkg:npm/statuses@2.0.1", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/fresh@0.5.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/merge-descriptors@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/methods@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/path-to-regexp@0.1.7", + "dependsOn": [] + }, + { + "ref": "pkg:npm/forwarded@0.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ipaddr.js@1.9.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/proxy-addr@2.0.7", + "dependsOn": [ + "pkg:npm/forwarded@0.2.0", + "pkg:npm/ipaddr.js@1.9.1" + ] + }, + { + "ref": "pkg:npm/range-parser@1.2.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.1.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mime@1.6.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/send@0.18.0", + "dependsOn": [ + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/destroy@1.2.0", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/etag@1.8.1", + "pkg:npm/fresh@0.5.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/mime@1.6.0", + "pkg:npm/ms@2.1.3", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/range-parser@1.2.1", + "pkg:npm/statuses@2.0.1" + ] + }, + { + "ref": "pkg:npm/serve-static@1.15.0", + "dependsOn": [ + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/parseurl@1.3.3", + "pkg:npm/send@0.18.0" + ] + }, + { + "ref": "pkg:npm/utils-merge@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/express@4.18.2", + "dependsOn": [ + "pkg:npm/accepts@1.3.8", + "pkg:npm/array-flatten@1.1.1", + "pkg:npm/body-parser@1.20.1", + "pkg:npm/content-disposition@0.5.4", + "pkg:npm/content-type@1.0.5", + "pkg:npm/cookie-signature@1.0.6", + "pkg:npm/cookie@0.5.0", + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/etag@1.8.1", + "pkg:npm/finalhandler@1.2.0", + "pkg:npm/fresh@0.5.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/merge-descriptors@1.0.1", + 
"pkg:npm/methods@1.1.2", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/parseurl@1.3.3", + "pkg:npm/path-to-regexp@0.1.7", + "pkg:npm/proxy-addr@2.0.7", + "pkg:npm/qs@6.11.0", + "pkg:npm/range-parser@1.2.1", + "pkg:npm/safe-buffer@5.2.1", + "pkg:npm/send@0.18.0", + "pkg:npm/serve-static@1.15.0", + "pkg:npm/setprototypeof@1.2.0", + "pkg:npm/statuses@2.0.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/utils-merge@1.0.1", + "pkg:npm/vary@1.1.2" + ] + }, + { + "ref": "pkg:npm/fs@0.0.1-security", + "dependsOn": [] + }, + { + "ref": "pkg:npm/append-field@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/streamsearch@1.1.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/busboy@1.6.0", + "dependsOn": [ + "pkg:npm/streamsearch@1.1.0" + ] + }, + { + "ref": "pkg:npm/buffer-from@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/safe-buffer@5.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/core-util-is@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/isarray@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/process-nextick-args@2.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/string_decoder@1.1.1", + "dependsOn": [ + "pkg:npm/safe-buffer@5.1.2" + ] + }, + { + "ref": "pkg:npm/util-deprecate@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/readable-stream@2.3.8", + "dependsOn": [ + "pkg:npm/core-util-is@1.0.3", + "pkg:npm/inherits@2.0.4", + "pkg:npm/isarray@1.0.0", + "pkg:npm/process-nextick-args@2.0.1", + "pkg:npm/safe-buffer@5.1.2", + "pkg:npm/string_decoder@1.1.1", + "pkg:npm/util-deprecate@1.0.2" + ] + }, + { + "ref": "pkg:npm/typedarray@0.0.6", + "dependsOn": [] + }, + { + "ref": "pkg:npm/concat-stream@1.6.2", + "dependsOn": [ + "pkg:npm/buffer-from@1.1.2", + "pkg:npm/inherits@2.0.4", + "pkg:npm/readable-stream@2.3.8", + "pkg:npm/typedarray@0.0.6" + ] + }, + { + "ref": "pkg:npm/minimist@1.2.8", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mkdirp@0.5.6", + "dependsOn": [ + "pkg:npm/minimist@1.2.8" + ] + }, + { + "ref": "pkg:npm/xtend@4.0.2", + "dependsOn": [] + 
}, + { + "ref": "pkg:npm/multer@1.4.5-lts.1", + "dependsOn": [ + "pkg:npm/append-field@1.0.0", + "pkg:npm/busboy@1.6.0", + "pkg:npm/concat-stream@1.6.2", + "pkg:npm/mkdirp@0.5.6", + "pkg:npm/object-assign@4.1.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/xtend@4.0.2" + ] + }, + { + "ref": "pkg:npm/readable-stream@2.3.7", + "dependsOn": [ + "pkg:npm/core-util-is@1.0.3", + "pkg:npm/inherits@2.0.4", + "pkg:npm/isarray@1.0.0", + "pkg:npm/process-nextick-args@2.0.1", + "pkg:npm/string_decoder@1.1.1", + "pkg:npm/util-deprecate@1.0.2" + ] + }, + { + "ref": "pkg:npm/bignumber.js@9.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/sqlstring@2.3.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mysql@2.18.1", + "dependsOn": [ + "pkg:npm/bignumber.js@9.0.0", + "pkg:npm/readable-stream@2.3.7", + "pkg:npm/safe-buffer@5.1.2", + "pkg:npm/sqlstring@2.3.1" + ] + }, + { + "ref": "pkg:npm/debug@4.3.4", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/normalize-path@3.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/picomatch@2.3.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/anymatch@3.1.3", + "dependsOn": [ + "pkg:npm/normalize-path@3.0.0", + "pkg:npm/picomatch@2.3.1" + ] + }, + { + "ref": "pkg:npm/is-number@7.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/to-regex-range@5.0.1", + "dependsOn": [ + "pkg:npm/is-number@7.0.0" + ] + }, + { + "ref": "pkg:npm/fill-range@7.0.1", + "dependsOn": [ + "pkg:npm/to-regex-range@5.0.1" + ] + }, + { + "ref": "pkg:npm/braces@3.0.2", + "dependsOn": [ + "pkg:npm/fill-range@7.0.1" + ] + }, + { + "ref": "pkg:npm/is-extglob@2.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/is-glob@4.0.3", + "dependsOn": [ + "pkg:npm/is-extglob@2.1.1" + ] + }, + { + "ref": "pkg:npm/glob-parent@5.1.2", + "dependsOn": [ + "pkg:npm/is-glob@4.0.3" + ] + }, + { + "ref": "pkg:npm/binary-extensions@2.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/is-binary-path@2.1.0", + "dependsOn": [ + 
"pkg:npm/binary-extensions@2.2.0" + ] + }, + { + "ref": "pkg:npm/readdirp@3.6.0", + "dependsOn": [ + "pkg:npm/picomatch@2.3.1" + ] + }, + { + "ref": "pkg:npm/fsevents@2.3.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/chokidar@3.5.3", + "dependsOn": [ + "pkg:npm/anymatch@3.1.3", + "pkg:npm/braces@3.0.2", + "pkg:npm/fsevents@2.3.3", + "pkg:npm/glob-parent@5.1.2", + "pkg:npm/is-binary-path@2.1.0", + "pkg:npm/is-glob@4.0.3", + "pkg:npm/normalize-path@3.0.0", + "pkg:npm/readdirp@3.6.0" + ] + }, + { + "ref": "pkg:npm/ignore-by-default@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/balanced-match@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/concat-map@0.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/brace-expansion@1.1.11", + "dependsOn": [ + "pkg:npm/balanced-match@1.0.2", + "pkg:npm/concat-map@0.0.1" + ] + }, + { + "ref": "pkg:npm/minimatch@3.1.2", + "dependsOn": [ + "pkg:npm/brace-expansion@1.1.11" + ] + }, + { + "ref": "pkg:npm/pstree.remy@1.1.8", + "dependsOn": [] + }, + { + "ref": "pkg:npm/yallist@4.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/lru-cache@6.0.0", + "dependsOn": [ + "pkg:npm/yallist@4.0.0" + ] + }, + { + "ref": "pkg:npm/semver@7.5.4", + "dependsOn": [ + "pkg:npm/lru-cache@6.0.0" + ] + }, + { + "ref": "pkg:npm/simple-update-notifier@2.0.0", + "dependsOn": [ + "pkg:npm/semver@7.5.4" + ] + }, + { + "ref": "pkg:npm/has-flag@3.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/supports-color@5.5.0", + "dependsOn": [ + "pkg:npm/has-flag@3.0.0" + ] + }, + { + "ref": "pkg:npm/abbrev@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/nopt@1.0.10", + "dependsOn": [ + "pkg:npm/abbrev@1.1.1" + ] + }, + { + "ref": "pkg:npm/touch@3.1.0", + "dependsOn": [ + "pkg:npm/nopt@1.0.10" + ] + }, + { + "ref": "pkg:npm/undefsafe@2.0.5", + "dependsOn": [] + }, + { + "ref": "pkg:npm/nodemon@3.0.2", + "dependsOn": [ + "pkg:npm/chokidar@3.5.3", + "pkg:npm/debug@4.3.4", + "pkg:npm/ignore-by-default@1.0.1", + "pkg:npm/minimatch@3.1.2", + 
"pkg:npm/ms@2.1.2", + "pkg:npm/pstree.remy@1.1.8", + "pkg:npm/semver@7.5.4", + "pkg:npm/simple-update-notifier@2.0.0", + "pkg:npm/supports-color@5.5.0", + "pkg:npm/touch@3.1.0", + "pkg:npm/undefsafe@2.0.5" + ] + }, + { + "ref": "pkg:npm/server@1.0.0", + "dependsOn": [ + "pkg:npm/cors@2.8.5", + "pkg:npm/express@4.18.2", + "pkg:npm/fs@0.0.1-security", + "pkg:npm/multer@1.4.5-lts.1", + "pkg:npm/mysql@2.18.1", + "pkg:npm/nodemon@3.0.2" + ] + } + ], + "vulnerabilities": [ + { + "bom-ref": "CVE-2014-6463/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6463", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6463" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6464/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6464", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6464" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via 
vectors related to SERVER:INNODB DML FOREIGN KEYS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0503/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0503", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0503" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-7440/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-7440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7440" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The C software implementation of AES Encryption and Decryption 
in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2573/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2573", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2573" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3805/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3805", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3805" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + 
"cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0498/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0498", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0498" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3635/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3635", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3635" + }, 
+ "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html,\thttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and\thttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3636/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3636", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3636" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0204/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0204", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0204" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue.\tNOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2014-6474/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6474", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6474" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3809/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3809", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3809" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" 
+ }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5483/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5483", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5483" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "** REJECT **\tDO NOT USE THIS CANDIDATE NUMBER.\tConsultIDs: CVE-2017-3600.\tReason: This candidate is a reservation duplicate of CVE-2017-3600.\tNotes: All CVE users should reference CVE-2017-3600 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3302/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3302", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3302" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + 
"versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-9843/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-9843", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9843" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", + "recommendation": "Update to 5.5.62-0.39.18.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.62-0.39.18.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3133/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3133", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3133" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.62-0.39.18.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.62-0.39.18.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3651/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3651", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3651" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3652/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3652", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3652" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0438/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0438", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0438" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0439/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0439", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0439" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 
Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6520/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6520", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6520" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6469/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6469", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6469" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": 
"CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0430/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0430", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0430" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-7744/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-7744", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-7744" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0502/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0502", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0502" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2023-49803/pkg:npm/cors@2.8.5", + "id": "CVE-2023-49803", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49803" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "# Overly permissive origin policy\nCurrently, the middleware operates in a way that if an allowed origin is not provided, it will return an `Access-Control-Allow-Origin` header with the value of the origin from the request. This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy (SOP), this could cause a very serious security threat to the users of this middleware.\n\nIf such behavior is expected, for instance, when middleware is used exclusively for prototypes and not for production applications, it should be heavily emphasized in the documentation along with an indication of the risks associated with such behavior, as many users may not be aware of it.", + "recommendation": "Update to 5.0.0 or later", + "advisories": [ + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-qxrj-hx23-xp82" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/cors@2.8.5\"]" + }, + "affects": [ + { + "ref": "pkg:npm/cors@2.8.5", + "versions": [ + { + "version": "2.8.5", + "status": "affected" + }, + { + "version": "5.0.0", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6489/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6489", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6489" + }, + "ratings": [ + { + "score": 5.0, + "severity": 
"medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0647/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0647", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0647" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0648/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0648", + 
"source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0648" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0649/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0649", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0649" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + 
"name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0441/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0441", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0441" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0650/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0650", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0650" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": 
"pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0651/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0651", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0651" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2639/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2639", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2639" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", 
\"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2641/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2641" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2643/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2643", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2643" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + 
"advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3641/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3641" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3648/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3648" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3795/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3795", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3795" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3796/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3796", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3796" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified 
vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0412/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0412", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0412" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0420/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0420", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0420" 
+ }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-1789/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-1789", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1789" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] 
+ } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-1793/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-1793", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1793" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5611/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5611", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5611" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute 
arbitrary code via a long argument to the GRANT FILE command.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5612/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5612", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5612" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" 
+ } + ] + }, + { + "bom-ref": "CVE-2012-5613/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5613", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5613" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0600/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0600", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0600" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect 
availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0606/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0606", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0606" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0402/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0402", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0402" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], 
+ "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5891/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5891", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5891" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5584/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5584", + "source": { + "name": 
"NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5584" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-6662/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-6662", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6662" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. 
Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2011-2262/pkg:npm/mysql@2.18.1", + "id": "CVE-2011-2262", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2262" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Package updates are available for Amazon Linux that fix the following vulnerabilities:\nCVE-2012-0492:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783817: \nCVE-2012-0492 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0490:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783815: \nCVE-2012-0490 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0485:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783809: \nCVE-2012-0485 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0484:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783808: \nCVE-2012-0484 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality\n\nCVE-2012-0120:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783807: \nCVE-2012-0120 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0119:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783806: \nCVE-2012-0119 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0118:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783805: \nCVE-2012-0118 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability\n\nCVE-2012-0116:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783803: \nCVE-2012-0116 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and integrity\n\nCVE-2012-0115:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783802: \nCVE-2012-0115 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0114:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783801: \nCVE-2012-0114 mysql: Unspecified vulnerability allows local users to affect confidentiality and integrity\n\nCVE-2012-0113:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783800: \nCVE-2012-0113 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability\n\nCVE-2012-0112:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783799: \nCVE-2012-0112 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0101:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783797: \nCVE-2012-0101 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0087:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783795: \nCVE-2012-0087 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0075:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n\nCVE-2011-2262:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.", + "recommendation": "Update to 5.1.61 or later", + "advisories": [ + { + "title": "vendor", + "url": "https://rhn.redhat.com/errata/RHSA-2012:0105.html" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.1.61", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3453/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3453", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3453" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL 
Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3456/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3456", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3456" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3461/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3461", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3461" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0382/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0382", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0382" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2442/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2442", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2442" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + 
"description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2444/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2444", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2444" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0616/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0616", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0616" + }, + "ratings": [ + { + "score": 5.0, + 
"severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3238/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3238", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3238" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3243/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3243", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3243" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 4.4 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2576/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2576", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2576" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6491/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6491", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6491" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in 
Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3653/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3653", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3653" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3071/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3071", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3071" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3725-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3810/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3810", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3810" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3464/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3464", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3464" + }, + "ratings": [ + { + "score": 7.5, + "severity": 
"high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3600/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3600", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3600" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. 
CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4243/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4243", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4243" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0381/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0381", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0381" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2435/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2435", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2435" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2436/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2436", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2014-2436" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4214/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4214", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4214" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2015-0511/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0511", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0511" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2305/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2305", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2305" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + 
"status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4858/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4858", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4858" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4861/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4861", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4861" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { 
+ "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2617/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2617", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2617" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2620/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2620", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2620" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { 
+ "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-4316/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-4316", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4316" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4233/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4233", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4233" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + 
"advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4238/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4238", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4238" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6551/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6551", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6551" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to 
CLIENT:MYSQLADMIN.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6555/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6555", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6555" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2567/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2567", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2567" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 
5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3798/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3798", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3798" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2440/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2440" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": 
"CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0437/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0437", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0437" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5615/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5615", + 
"source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5615" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0507/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0507", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0507" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + 
"value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5860/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5860", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5860" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6494/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6494", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6494" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + 
"version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6495/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6495", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6495" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3061/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3061", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3061" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3725-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2438/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2438", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2438" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0508/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0508", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0508" + }, + "ratings": 
[ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4910/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4910", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4910" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4913/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2015-4913", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4913" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3811/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3811", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3811" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3812/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3812", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3812" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3615/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3615", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3615" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { 
+ "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5440/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5440" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0505/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0505" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown 
vectors related to Options.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0546/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0546", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0546" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client.\tNOTE: the previous information is from the January 2016 CPU. 
Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4730/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4730", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4730" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4766/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4766", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4766" + }, + "ratings": [ + { + "score": 5.0, + 
"severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4792/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4792", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4792" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2648/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2015-2648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2648" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2661/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2661", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2661" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2015-4000/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4000", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4000" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4800/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4800", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4800" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + 
"status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4802/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4802", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4802" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0386/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0386", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0386" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": 
"in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0393/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0393", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0393" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0206/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0206", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0206" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of 
service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0374/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0374", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0374" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3793/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3793", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3793" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5894/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5894", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5894" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10268/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10268", + "source": { + "name": 
"NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10268" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10378/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10378", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10378" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0666/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0666", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0666" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": 
"Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-2047/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-2047", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2047" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"/CN=\" string in a field in a certificate, as demonstrated by \"/OU=/CN=bar.com/CN=foo.com.\"", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2484/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2484", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2484" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to 
SRFTS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2494/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2494", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2494" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2023-21977/pkg:npm/mysql@2.18.1", + "id": "CVE-2023-21977", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21977" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://www.oracle.com/security-alerts/cpuapr2023.html" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3309/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3309", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3309" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3329/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3329", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3329" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5908/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5908", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5908" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0001/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0001", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0001" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0433/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0433", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0433" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-18589/pkg:npm/cookie@0.5.0", + "id": "CVE-2017-18589", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18589" + }, + 
"ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [ + 20 + ], + "description": "# Improper Input Validation in cookie\nAffected versions of this crate use the time crate and the method Duration::seconds to parse the Max-Age duration cookie setting. This method will panic if the value is greater than 2^64/1000 and less than or equal to 2^64, which can result in denial of service for a client or server.\n\nThis flaw was corrected by explicitly checking for the Max-Age being in this integer range and clamping the value to the maximum duration value.\n\n## Related CVE(s)\nCVE-2017-18589, RUSTSEC-2017-0005", + "recommendation": "Update to 0.7.6 or later", + "advisories": [ + { + "title": "GitHub PR", + "url": "https://github.com/SergioBenitez/cookie-rs/pull/86" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/express@4.18.2\", \"pkg:npm/cookie@0.5.0\"]" + }, + "affects": [ + { + "ref": "pkg:npm/cookie@0.5.0", + "versions": [ + { + "version": "0.5.0", + "status": "affected" + }, + { + "version": "0.7.6", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Indirect dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4815/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4815", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4815" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + 
"affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4816/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4816", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4816" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4866/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4866", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4866" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency 
Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4870/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4870", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4870" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3313/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3313", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3313" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. 
Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3317/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3317", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3317" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 4.0 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0499/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0499", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0499" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0500/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0500", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0500" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle 
MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4258/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4258", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4258" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4260/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4260", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4260" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4879/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4879", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4879" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4890/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4890", + 
"source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4890" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3569/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3569", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3569" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.\tNOTE: this issue became relevant after the CVE-2014-3568 fix.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + 
"status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2582/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2582", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2582" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2611/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2611", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2611" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": 
"pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0205/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0205", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0205" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0431/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0431", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0431" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote 
authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0433/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0433", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0433" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0427/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0427", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0427" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + 
"cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3318/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3318", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3318" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. 
CVSS v3.0 Base Score 4.0 (Confidentiality impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3462/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3462", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3462" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3463/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3463", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3463" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0596/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0596", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0596" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0597/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0597", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0597" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + 
"cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0598/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0598", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0598" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2013-3806/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3806", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3806" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3244/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3244", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3244" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3258/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3258", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3258" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3265/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3265", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3265" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0224/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0224", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0224" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0286/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0286", + "source": { + "name": 
"NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0286" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0288/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0288", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0288" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + 
"versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6559/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6559", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6559" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6478/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6478", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6478" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6484/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6484", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6484" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2419/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2419", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2419" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or 
later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6505/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6505" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6507/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6507", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6507" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to 
affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3291/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3291", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3291" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. 
CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3312/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3312", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3312" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. 
CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6564/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6564", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6564" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4772/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4772", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4772" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified 
vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6568/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6568", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6568" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-8275/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-8275", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8275" + }, + "ratings": [ + { + "score": 5.0, + 
"severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2451/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2451", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2451" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct 
dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0385/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0385", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0385" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0391/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0391", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0391" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + 
"properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4830/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4830", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4830" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4833/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4833", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4833" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + 
"status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4836/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4836", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4836" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3305/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3305", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3305" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, \"The Riddle\".", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3308/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3308", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3308" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3807/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3807", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3807" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3808/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3808", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3808" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + 
"cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2021-2478/pkg:npm/mysql@2.18.1", + "id": "CVE-2021-2478", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-2478" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MySQL is a multi-user, multi-threaded SQL database server. 
It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.30).\n\nSecurity Fix(es):\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607, CVE-2022-21301, CVE-2022-21413)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2021-2481, CVE-2021-35575, CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21253, CVE-2022-21254, CVE-2022-21264, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342, CVE-2022-21351, CVE-2022-21370, CVE-2022-21378, CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479, CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21569, CVE-2022-21265)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2021-35546, CVE-2022-21344, CVE-2022-21415)\n\n* mysql: Server: Error Handling unspecified vulnerability (CVE-2021-35596)\n\n* mysql: C API unspecified vulnerability (CVE-2021-35597)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2021-35602, CVE-2021-35630, CVE-2022-21515)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2021-35604, CVE-2022-21302, CVE-2022-21348, CVE-2022-21352, CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21517, CVE-2022-21537, CVE-2022-21539, CVE-2022-21423)\n\n* mysql: Server: Group Replication Plugin multiple unspecified vulnerabilities (CVE-2021-35608, CVE-2022-21256, CVE-2022-21379, 
CVE-2022-21454)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2021-35622, CVE-2022-21358, CVE-2022-21372, CVE-2022-21538)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2021-35624, CVE-2022-21245, CVE-2021-35625)\n\n* mysql: Server: GIS unspecified vulnerability (CVE-2021-35631)\n\n* mysql: Server: Data Dictionary unspecified vulnerability (CVE-2021-35632)\n\n* mysql: Server: PS unspecified vulnerability (CVE-2021-35637)\n\n* mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CVE-2021-35639, CVE-2022-21303, CVE-2022-21522, CVE-2022-21534)\n\n* mysql: Server: FTS multiple unspecified vulnerabilities (CVE-2021-35648, CVE-2022-21427)\n\n* mysql: Server: Federated multiple unspecified vulnerabilities (CVE-2022-21270, CVE-2022-21547)\n\n* mysql: Server: Parser unspecified vulnerability (CVE-2022-21304)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2022-21362, CVE-2022-21374)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2022-21367)\n\n* mysql: Server: Components Services unspecified vulnerability (CVE-2022-21368)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2022-21425, CVE-2022-21444, CVE-2021-35640, CVE-2022-21249)\n\n* mysql: Server: PAM Auth Plugin unspecified vulnerability (CVE-2022-21457)\n\n* mysql: Server: Logging multiple unspecified vulnerabilities (CVE-2022-21460, CVE-2021-35633)\n\n* mysql: Server: Security: Roles unspecified vulnerability (CVE-2021-35623)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Rebuild mecab due to change in the suffix (from .el8 to .el8.0.0) [Rocky Linux-8] (BZ#2110940)", + "recommendation": "Update to 8.0.30 or later", + "advisories": [ + { + "title": "vendor", + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2122604" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "8.0.30", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2566/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2566", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2566" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0505/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0505" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect 
availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0506/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0506", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0506" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2430/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2430", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2430" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle 
MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2431/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2431", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2431" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4895/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4895", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4895" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4904/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4904", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4904" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4905/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4905", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4905" + }, + 
"ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0384/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0384", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0384" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4862/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4862", + "source": { + 
"name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4862" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4864/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4864", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4864" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2014-4207/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4207", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4207" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4769/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4769", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4769" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4771/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4771", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4771" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5881/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5881", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5881" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + 
"version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5882/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5882", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5882" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4274/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4274", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4274" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": 
[ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-3152/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-3152", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3152" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a \"BACKRONYM\" attack.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4737/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4737", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4737" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.", + 
"recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0642/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0642", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0642" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0643/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0643", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0643" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 
and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4752/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4752", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4752" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4756/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4756", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4756" + }, + "ratings": [ + { + "score": 5.0, + "severity": 
"medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0439.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0608/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0608", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0608" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2016-0609/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0609", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0609" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3570/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3570", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3570" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + 
"ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2568/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2568", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2568" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2571/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2571", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2571" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": 
"in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4757/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4757", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4757" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4761/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4761", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4761" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + 
"recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4767/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4767", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4767" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0401/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0401", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0401" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component 
in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2432/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2432", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2432" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2434/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2434", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2434" + }, + "ratings": [ + { + "score": 5.0, + 
"severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3794/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3794", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3794" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2021-35065/pkg:npm/glob-parent@5.1.2", + "id": "CVE-2021-35065", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2021-35065" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The glob-parent package before 6.0.1 for Node.js allows ReDoS regular ...\nNOTE: https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339 (v6.0.1)\nNOTE: https://github.com/gulpjs/glob-parent/pull/49", + "recommendation": "Update to 6.0.2+~5.1.1-1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/chokidar@3.5.3\", \"pkg:npm/glob-parent@5.1.2\"]" + }, + "affects": [ + { + "ref": "pkg:npm/glob-parent@5.1.2", + "versions": [ + { + "version": "5.1.2", + "status": "affected" + }, + { + "version": "6.0.2+~5.1.1-1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Indirect dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0405/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0405", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0405" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, 
+ { + "bom-ref": "CVE-2014-6530/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6530", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6530" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0432/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0432", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0432" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4287/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4287", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4287" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-1861/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-1861", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1861" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + 
"analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3783/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3783", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3783" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-0735/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-0735", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735" + }, + "ratings": [ + { + "score": 5.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [ + 327 + ], + "description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. 
An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", + "recommendation": "", + "advisories": [ + { + "title": "Mailing List", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" + }, + { + "title": "vendor", + "url": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "title": "Debian Security", + "url": "https://www.debian.org/security/2018/dsa-4348" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3840-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3801/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3801", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3801" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0640/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0640", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0640" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0641/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0641" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", 
\"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3802/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3802", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3802" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3804/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3804", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3804" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors 
related to Server Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2450/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2450", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2450" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3571/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3571", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3571" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote 
attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3572/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3572", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3572" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + 
}, + { + "bom-ref": "CVE-2015-0411/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0411", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0411" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0423/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0423", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0423" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6496/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6496", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6496" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3477/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3477", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3477" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" 
+ }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3521/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3521", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3521" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4240/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4240", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4240" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.", + "recommendation": "Update 
to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0409/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0409", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0409" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6500/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6500", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6500" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, 
integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0501/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0501", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0501" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10379/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10379", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10379" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], 
+ "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10384/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10384", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10384" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0644/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0644", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0644" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0646/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0646", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0646" + }, + "ratings": [ + { + "score": 7.5, + 
"severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4819/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4819", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4819" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2015-4826/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4826", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4826" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2020-14672/pkg:npm/mysql@2.18.1", + "id": "CVE-2020-14672", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14672" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\nThe following packages have been upgraded to a later upstream version: mysql (8.0.26). 
(BZ#1996693)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "recommendation": "Update to 8.0.26 or later", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35629.json" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "8.0.26", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + } + ] +} \ No newline at end of file diff --git a/server/reports/report_20231220090356353.json b/server/reports/report_20231220090356353.json new file mode 100644 index 000000000..597715c4f --- /dev/null +++ b/server/reports/report_20231220090356353.json 
@@ -0,0 +1,15601 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:a8b0f7c0-ad16-4f63-8039-5991313835b1", + "version": 2, + "metadata": { + "timestamp": "2023-12-20T09:03:53.161Z", + "tools": { + "components": [ + { + "group": "@cyclonedx", + "name": "cdxgen", + "version": "9.9.6", + "purl": "pkg:npm/%40cyclonedx/cdxgen@9.9.6", + "type": "application", + "bom-ref": "pkg:npm/@cyclonedx/cdxgen@9.9.6", + "author": "OWASP Foundation", + "publisher": "OWASP Foundation" + }, + { + "type": "application", + "name": "owasp-depscan", + "version": "5.0.4", + "purl": "pkg:pypi/owasp-depscan@5.0.4", + "bom-ref": "pkg:pypi/owasp-depscan@5.0.4" + } + ] + }, + "authors": [ + { + "name": "OWASP Foundation" + } + ], + "component": { + "author": "", + "group": "", + "name": "server", + "version": "1.0.0", + "type": "application", + "purl": "pkg:npm/server@1.0.0", + "bom-ref": "pkg:npm/server@1.0.0", + "components": [] + } + }, + "components": [ + { + "group": "", + "name": "cors", + "version": "2.8.5", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "2881db2c9aaeef7446aff8676eb3bdb817a2c4d1aebd2423ba5fe3745bd2fca152207d615957759e0ef3387c7e62b11f2272c6eeae27e861d0f5c0edc6ffcfea" + } + ], + "purl": "pkg:npm/cors@2.8.5", + "type": "library", + "bom-ref": "pkg:npm/cors@2.8.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "cors" + } + ] + }, + { + "group": "", + "name": "object-assign", + "version": "4.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac98134279149c7d6c170f324fa552537cc3dec5a6bbab19848b1e63c557f8646edcfe85ec5bbe24d0e85df9251256cb2529dcdc55101d57b8714e618fe05c52" + } + ], + "purl": "pkg:npm/object-assign@4.1.1", + "type": "library", + "bom-ref": "pkg:npm/object-assign@4.1.1", + "properties": [ + { + "name": "SrcFile", + "value": 
"/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "vary", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" + } + ], + "purl": "pkg:npm/vary@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/vary@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "express", + "version": "4.18.2", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7f3ec2fa8863dd7d0fe528cd54ba27a5620bf7054a097f3d5a53053dbc767e27b832bf07505c510120421ac5e19fd0621cade013372044c6d6a58ac0dbb8ca9" + } + ], + "purl": "pkg:npm/express@4.18.2", + "type": "framework", + "bom-ref": "pkg:npm/express@4.18.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "express" + } + ] + }, + { + "group": "", + "name": "accepts", + "version": "1.3.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "type": "library", + "bom-ref": "pkg:npm/accepts@1.3.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime-types", + "version": "2.1.35", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" + } + ], + "purl": 
"pkg:npm/mime-types@2.1.35", + "type": "library", + "bom-ref": "pkg:npm/mime-types@2.1.35", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime-db", + "version": "1.52.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "type": "library", + "bom-ref": "pkg:npm/mime-db@1.52.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "negotiator", + "version": "0.6.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "type": "library", + "bom-ref": "pkg:npm/negotiator@0.6.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "array-flatten", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/array-flatten@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "body-parser", + "version": "1.20.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"8d68bb69b4db6306a33b2b56090737ed5ba599689169ee51c93a5a0b20dc4b9fe531db704b3e653a90c4ebbb2bc3f1d87b7e5fd73ddf0d0c3ededc60ee036d5b" + } + ], + "purl": "pkg:npm/body-parser@1.20.1", + "type": "library", + "bom-ref": "pkg:npm/body-parser@1.20.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "bytes", + "version": "3.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "type": "library", + "bom-ref": "pkg:npm/bytes@3.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "content-type", + "version": "1.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "type": "library", + "bom-ref": "pkg:npm/content-type@1.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "debug", + "version": "2.6.9", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "purl": "pkg:npm/debug@2.6.9", + "type": "library", + "bom-ref": "pkg:npm/debug@2.6.9", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": "2.0.0", + 
"scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "purl": "pkg:npm/ms@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/ms@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "depd", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" + } + ], + "purl": "pkg:npm/depd@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/depd@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "destroy", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/destroy@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "http-errors", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/http-errors@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "inherits", + "version": "2.0.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "93fbc6697e3f6256b75b3c8c0af4d039761e207bea38ab67a8176ecd31e9ce9419cc0b2428c859d8af849c189233dcc64a820578ca572b16b8758799210a9ec1" + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "type": "library", + "bom-ref": "pkg:npm/inherits@2.0.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "setprototypeof", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/setprototypeof@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "statuses", + "version": "2.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "type": "library", + "bom-ref": "pkg:npm/statuses@2.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "toidentifier", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/toidentifier@1.0.1", + "properties": [ + { + "name": "SrcFile", + 
"value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "iconv-lite", + "version": "0.4.24", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "type": "library", + "bom-ref": "pkg:npm/iconv-lite@0.4.24", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "safer-buffer", + "version": "2.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "type": "library", + "bom-ref": "pkg:npm/safer-buffer@2.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "on-finished", + "version": "2.4.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "type": "library", + "bom-ref": "pkg:npm/on-finished@2.4.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ee-first", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" + } + ], + "purl": 
"pkg:npm/ee-first@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/ee-first@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "qs", + "version": "6.11.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" + } + ], + "purl": "pkg:npm/qs@6.11.0", + "type": "library", + "bom-ref": "pkg:npm/qs@6.11.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "side-channel", + "version": "1.0.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab95cfcada85108287906762308ad8d749af2d1be7421e36ffe1a8065156ddbd8b5cb136c71269645766f78c1ed016a85774702721aa839c12edea714efd19bf" + } + ], + "purl": "pkg:npm/side-channel@1.0.4", + "type": "library", + "bom-ref": "pkg:npm/side-channel@1.0.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "call-bind", + "version": "1.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b79d0c5f159c45455a09a0628a23ccb730e128d76f4d43e160434f22c9ef8c938ccd65919d8dfb34e9b553afe0c14a503ae90d9511c3248bf71408fe127ab71" + } + ], + "purl": "pkg:npm/call-bind@1.0.5", + "type": "library", + "bom-ref": "pkg:npm/call-bind@1.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "function-bind", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" + } + ], + "purl": "pkg:npm/function-bind@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/function-bind@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "get-intrinsic", + "version": "1.2.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d204a8e2697fd23f7c637967824144a2dff386209e5ac6d822567eb993958332f22da530ef0c542fe9c24cfd1726f260d405ee949448dd4262f06b1b0eec5d18" + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.2", + "type": "library", + "bom-ref": "pkg:npm/get-intrinsic@1.2.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-proto", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "eea13e88ff8ef9b805f5c944e7e528045cc4eb99a5062563ded282ae5350d0e8309b4063a53fe02b84a52d80ccc9b0e1e48dd30932a73cf6b4a0c1bb24362b86" + } + ], + "purl": "pkg:npm/has-proto@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/has-proto@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-symbols", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/has-symbols@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + 
"name": "hasown", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd4a6d2954e920985c7332816e09d2f91b5cb98301f3ea0dccf2b6fc7a7785a9f3f099a90137669a02e049a69d5511240e6f9eda0887c18dd9464ca34880c314" + } + ], + "purl": "pkg:npm/hasown@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/hasown@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "set-function-length", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5686aa8db0492a25ad838c9170a050ee0ef09c69cb57733ca0bbd55b03a4d8f75863a3c415e811d6f7b35d1d2dc3a7d9185f5cb156a42118eb262cb6bde48115" + } + ], + "purl": "pkg:npm/set-function-length@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/set-function-length@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "define-data-property", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "13bb86913ce49357740722de49ce99b054bbf40c60fa6d4ffd5b2062cc47822b9cded1528fe323308c1ef74142e25380673341758ee490ed8fdb029db10d6f81" + } + ], + "purl": "pkg:npm/define-data-property@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/define-data-property@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "gopd", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" + } + ], + "purl": "pkg:npm/gopd@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/gopd@1.0.1", + "properties": [ + { + "name": 
"SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-property-descriptors", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "56c5fc79a21ec2f6acd319ef8a701ef5bc3859f21e383a466229225982c7f9d99ad09c3a28762a5a259f8509603952bc0fa3ef8ee6cae547383f488884870d56" + } + ], + "purl": "pkg:npm/has-property-descriptors@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/has-property-descriptors@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "object-inspect", + "version": "1.13.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" + } + ], + "purl": "pkg:npm/object-inspect@1.13.1", + "type": "library", + "bom-ref": "pkg:npm/object-inspect@1.13.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "raw-body", + "version": "2.5.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa241b44c95812d1998f19d0853d627716b7a8aaf1b83154259ff902805ece96af7921b3a9d3f056c8cc1b76d9f8553be433c63b921090d97824fed72b0978a" + } + ], + "purl": "pkg:npm/raw-body@2.5.1", + "type": "library", + "bom-ref": "pkg:npm/raw-body@2.5.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "unpipe", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/unpipe@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "type-is", + "version": "1.6.18", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "type": "library", + "bom-ref": "pkg:npm/type-is@1.6.18", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "media-typer", + "version": "0.3.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "type": "library", + "bom-ref": "pkg:npm/media-typer@0.3.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "content-disposition", + "version": "0.5.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "type": "library", + "bom-ref": "pkg:npm/content-disposition@0.5.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + 
"name": "safe-buffer", + "version": "5.2.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "type": "library", + "bom-ref": "pkg:npm/safe-buffer@5.2.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "cookie", + "version": "0.5.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "619dc65329ffa3c81f289967957ee0ef1ab88323ba392ba118f29a686b2c181daa803512d203e0b53be8c992d3b7d01be9d0b885f73d755e5aae4bdcfce0a6af" + } + ], + "purl": "pkg:npm/cookie@0.5.0", + "type": "library", + "bom-ref": "pkg:npm/cookie@0.5.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "cookie-signature", + "version": "1.0.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "type": "library", + "bom-ref": "pkg:npm/cookie-signature@1.0.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "encodeurl", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/encodeurl@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": 
"/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "escape-html", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/escape-html@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "etag", + "version": "1.8.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" + } + ], + "purl": "pkg:npm/etag@1.8.1", + "type": "library", + "bom-ref": "pkg:npm/etag@1.8.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "finalhandler", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/finalhandler@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "parseurl", + "version": "1.3.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "type": "library", + 
"bom-ref": "pkg:npm/parseurl@1.3.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fresh", + "version": "0.5.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "type": "library", + "bom-ref": "pkg:npm/fresh@0.5.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "merge-descriptors", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/merge-descriptors@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "methods", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" + } + ], + "purl": "pkg:npm/methods@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/methods@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "path-to-regexp", + "version": "0.1.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "type": "library", + "bom-ref": "pkg:npm/path-to-regexp@0.1.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "proxy-addr", + "version": "2.0.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "type": "library", + "bom-ref": "pkg:npm/proxy-addr@2.0.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "forwarded", + "version": "0.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "type": "library", + "bom-ref": "pkg:npm/forwarded@0.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ipaddr.js", + "version": "1.9.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "type": "library", + "bom-ref": "pkg:npm/ipaddr.js@1.9.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": 
"range-parser", + "version": "1.2.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "type": "library", + "bom-ref": "pkg:npm/range-parser@1.2.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "send", + "version": "0.18.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" + } + ], + "purl": "pkg:npm/send@0.18.0", + "type": "library", + "bom-ref": "pkg:npm/send@0.18.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": "2.1.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e85973b9b4cb646dc9d9afcd542025784863ceae68c601f268253dc985ef70bb2fa1568726afece715c8ebf5d73fab73ed1f7100eb479d23bfb57b45dd645394" + } + ], + "purl": "pkg:npm/ms@2.1.3", + "type": "library", + "bom-ref": "pkg:npm/ms@2.1.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime", + "version": "1.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" + } + ], + "purl": "pkg:npm/mime@1.6.0", + "type": "library", + "bom-ref": "pkg:npm/mime@1.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study 
Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "serve-static", + "version": "1.15.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "type": "library", + "bom-ref": "pkg:npm/serve-static@1.15.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "utils-merge", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/utils-merge@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fs", + "version": "0.0.1-security", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd763d7b5a4fd02544502763e4199f219c51053483c9c9dbaa120e19e73d418b66547d9f6cba63f3a0855a4acd3a4b7f16fb72e0a646e654e094bf63fe027cef" + } + ], + "purl": "pkg:npm/fs@0.0.1-security", + "type": "library", + "bom-ref": "pkg:npm/fs@0.0.1-security", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "fs" + } + ] + }, + { + "group": "", + "name": "multer", + "version": "1.4.5-lts.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb03d6bdc0cc787fb3f6042ae6a607082cbe7ad86c9388287a9678e462c3eb77cebb461c35e710c62eb89c3b37aa5b9907e9aeac6dff0f8749efe74672d70241" + } + ], + 
"purl": "pkg:npm/multer@1.4.5-lts.1", + "type": "library", + "bom-ref": "pkg:npm/multer@1.4.5-lts.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "append-field", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "925a6015258b5b5644b3cb2f8df6fb838a96634612e62988f3675383e41a854bc9f18a806343f5d1493cb53ca1f591ae60464431a789602179045b97e79da1b3" + } + ], + "purl": "pkg:npm/append-field@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/append-field@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "busboy", + "version": "1.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f121506e0ff4850f71cb750d4c1d18127b0d05b59f85fed1b67ce92fb4e40624c145fad0f45c5c9f3ed526c95e269ca9eab54bbd78ae391aa39478b9abe3d8b8" + } + ], + "purl": "pkg:npm/busboy@1.6.0", + "type": "library", + "bom-ref": "pkg:npm/busboy@1.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "streamsearch", + "version": "1.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "31c739c077a1a7d697cf56b1e9b654c98e5a7e0f6edabbf972a408de646b624182f2b5b684cd368d6bb08ed2fef8b4b9aa29d2ca18f641f2f236cb9cf95b04c6" + } + ], + "purl": "pkg:npm/streamsearch@1.1.0", + "type": "library", + "bom-ref": "pkg:npm/streamsearch@1.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "concat-stream", + "version": "1.6.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"dbb1c18212718e266d224dd872f9ffe246c993fd6e66e2457ee3c49ece8b684be9bc6d5fd214de6bc96296ba2eca8f6655cd8659d70467c38ba0699200396b0b" + } + ], + "purl": "pkg:npm/concat-stream@1.6.2", + "type": "library", + "bom-ref": "pkg:npm/concat-stream@1.6.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "buffer-from", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" + } + ], + "purl": "pkg:npm/buffer-from@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/buffer-from@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "readable-stream", + "version": "2.3.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" + } + ], + "purl": "pkg:npm/readable-stream@2.3.8", + "type": "library", + "bom-ref": "pkg:npm/readable-stream@2.3.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "safe-buffer", + "version": "5.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" + } + ], + "purl": "pkg:npm/safe-buffer@5.1.2", + "type": "library", + "bom-ref": "pkg:npm/safe-buffer@5.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "core-util-is", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" + } + ], + "purl": "pkg:npm/core-util-is@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/core-util-is@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "isarray", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" + } + ], + "purl": "pkg:npm/isarray@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/isarray@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "process-nextick-args", + "version": "2.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" + } + ], + "purl": "pkg:npm/process-nextick-args@2.0.1", + "type": "framework", + "bom-ref": "pkg:npm/process-nextick-args@2.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "string_decoder", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" + } + ], + "purl": "pkg:npm/string_decoder@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/string_decoder@1.1.1", + 
"properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "util-deprecate", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f0f9ab5b97c85c49a42acb9c27359c79eade039ae83641a1c008888d93692080ed5089d5424331a802cc891736c5187c3d5d68afff2d3110f318886eb1ed73" + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/util-deprecate@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "typedarray", + "version": "0.0.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fda0831066ad1af67604893e1e62dfe227c2245c2f28535bf7f25e64f32e95f805ada727f5015c01fe463bc07f9b07948d2a1b952e489f471686aa5fb3fe4f40" + } + ], + "purl": "pkg:npm/typedarray@0.0.6", + "type": "library", + "bom-ref": "pkg:npm/typedarray@0.0.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mkdirp", + "version": "0.5.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" + } + ], + "purl": "pkg:npm/mkdirp@0.5.6", + "type": "library", + "bom-ref": "pkg:npm/mkdirp@0.5.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "minimist", + "version": "1.2.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "db2c8047ca8190ddd8ba17896a7529582e54ddb6f9a2c0f2c0d07c4730d5943c031dba1c009bdeaaa8f5bbcf92543ee39164f8cafb070a95aaa96a80c5bd3308" + } + ], + 
"purl": "pkg:npm/minimist@1.2.8", + "type": "library", + "bom-ref": "pkg:npm/minimist@1.2.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "xtend", + "version": "4.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "2ca614d620172575200179fd5118e2bbe3168725171ecbdfa7b99cb989bd75250a2b4fc28edad4c050310fcdbf98259bb4bb068c521a774c08b28778ceb4c011" + } + ], + "purl": "pkg:npm/xtend@4.0.2", + "type": "library", + "bom-ref": "pkg:npm/xtend@4.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mysql", + "version": "2.18.1", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "05c6be824d985a6aa9d947fa93934512eaf063fd2d77472979b02e705a58ff78e1af0ad51aec54dae4050878d4d7d4897e37b4c90be2fab55676aefc851e658a" + } + ], + "purl": "pkg:npm/mysql@2.18.1", + "type": "library", + "bom-ref": "pkg:npm/mysql@2.18.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "mysql" + } + ] + }, + { + "group": "", + "name": "readable-stream", + "version": "2.3.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "11b868f0ae2321b1c0c67bb18bba38d8ead9805fd94cd72c663ea744ac949a484b16af021c8b69fdfcba85066e6663ff9f7c99f550546e9e33cff997f219983f" + } + ], + "purl": "pkg:npm/readable-stream@2.3.7", + "type": "library", + "bom-ref": "pkg:npm/readable-stream@2.3.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "bignumber.js", + "version": "9.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + 
"content": "b7f398861276483f9818141c8d8f06cf30c7124f5fde77abc63b5f6bab653177deedfaecfd6a3386f08da06be93343f76cd7f71aae5944c946af97f7af8fcdf0" + } + ], + "purl": "pkg:npm/bignumber.js@9.0.0", + "type": "library", + "bom-ref": "pkg:npm/bignumber.js@9.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "sqlstring", + "version": "2.3.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2803387feddc481b9fae0e2935cff45dd6f962d3edfc8b36611b349adf817047b21b7a53d608229234897c8e52ff17b111bf2f020768cd78cd44f62f665cc01" + } + ], + "purl": "pkg:npm/sqlstring@2.3.1", + "type": "library", + "bom-ref": "pkg:npm/sqlstring@2.3.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "nodemon", + "version": "3.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f6a20dd8b353ac4ce938f05a5874e6e00b32d4bc572d289c9194ad010e0865eef3b282290ff03b2d6c61655dede19bb7e76b8172a56746c0d748c47649cde54c" + } + ], + "purl": "pkg:npm/nodemon@3.0.2", + "type": "library", + "bom-ref": "pkg:npm/nodemon@3.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "debug", + "version": "4.3.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" + } + ], + "purl": "pkg:npm/debug@4.3.4", + "type": "library", + "bom-ref": "pkg:npm/debug@4.3.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": 
"2.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "purl": "pkg:npm/ms@2.1.2", + "type": "library", + "bom-ref": "pkg:npm/ms@2.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "chokidar", + "version": "3.5.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ebdec7ca44fea84dc8dfd8999498525f79532f5c175e83107489543979bd95d74b852540804bc381c9975503255bf315cdcf71a38d3823f642d6b194ea13a93" + } + ], + "purl": "pkg:npm/chokidar@3.5.3", + "type": "library", + "bom-ref": "pkg:npm/chokidar@3.5.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "anymatch", + "version": "3.1.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" + } + ], + "purl": "pkg:npm/anymatch@3.1.3", + "type": "library", + "bom-ref": "pkg:npm/anymatch@3.1.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "normalize-path", + "version": "3.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9e66ce4bb375ad0a2b075a9f52d86532f1daa4a468b80554b3dc66aa884e9ecee6f4e75d844b3b57530501e82e8829b4246363e76ff983e166288c24707302c" + } + ], + "purl": "pkg:npm/normalize-path@3.0.0", + "type": "library", + "bom-ref": "pkg:npm/normalize-path@3.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study 
Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "picomatch", + "version": "2.3.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "254ded7874cd8e6136542185cee63c117cc20d5c04a81d9af1fb08bf0692b4784058911e55dd68d500fcd0253af997445d748b6d2b2e2f0263902056a9141454" + } + ], + "purl": "pkg:npm/picomatch@2.3.1", + "type": "library", + "bom-ref": "pkg:npm/picomatch@2.3.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "braces", + "version": "3.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fcba6f8bd51cccdd60d2cef866ea0233d727d36c1b7a61395c10a02fb26a82659170e3acfadba9558fd8f5c843d6df71f91fe94142964c3f593c97eefc1dad0" + } + ], + "purl": "pkg:npm/braces@3.0.2", + "type": "library", + "bom-ref": "pkg:npm/braces@3.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fill-range", + "version": "7.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" + } + ], + "purl": "pkg:npm/fill-range@7.0.1", + "type": "library", + "bom-ref": "pkg:npm/fill-range@7.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "to-regex-range", + "version": "5.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" + } + ], + "purl": "pkg:npm/to-regex-range@5.0.1", + "type": "library", + "bom-ref": 
"pkg:npm/to-regex-range@5.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-number", + "version": "7.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" + } + ], + "purl": "pkg:npm/is-number@7.0.0", + "type": "library", + "bom-ref": "pkg:npm/is-number@7.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "glob-parent", + "version": "5.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "type": "library", + "bom-ref": "pkg:npm/glob-parent@5.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-glob", + "version": "4.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e9526b21c7dfa66013b6568658bba56df884d6cd97c3a3bf92959a4243e2105d0f7b61f137e4f6f61ab0b33e99758e6611648197f184b4a7af046be1e9524a" + } + ], + "purl": "pkg:npm/is-glob@4.0.3", + "type": "library", + "bom-ref": "pkg:npm/is-glob@4.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-extglob", + "version": "2.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" + } + ], + "purl": "pkg:npm/is-extglob@2.1.1", + "type": "library", + "bom-ref": "pkg:npm/is-extglob@2.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-binary-path", + "version": "2.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" + } + ], + "purl": "pkg:npm/is-binary-path@2.1.0", + "type": "library", + "bom-ref": "pkg:npm/is-binary-path@2.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "binary-extensions", + "version": "2.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "8c372d27f21541b6682729287876e15e93a5341a8635cc1724a268838d84e470cf53041349d8c21dd8a18e3d0396785e43b6e56d3e9d1ce69f340892f28a1028" + } + ], + "purl": "pkg:npm/binary-extensions@2.2.0", + "type": "library", + "bom-ref": "pkg:npm/binary-extensions@2.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "readdirp", + "version": "3.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" + } + ], + "purl": "pkg:npm/readdirp@3.6.0", + "type": "library", + "bom-ref": "pkg:npm/readdirp@3.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "fsevents", + "version": "2.3.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" + } + ], + "purl": "pkg:npm/fsevents@2.3.3", + "type": "library", + "bom-ref": "pkg:npm/fsevents@2.3.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ignore-by-default", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "22eb36558706364ed3f740a9a49a9c2244b9a281d46722102be0a565f31f30d14417d55213bdc5abef74eaefc25aef76c7883364c58ec1f1587243ce6f37446c" + } + ], + "purl": "pkg:npm/ignore-by-default@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/ignore-by-default@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "minimatch", + "version": "3.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "type": "library", + "bom-ref": "pkg:npm/minimatch@3.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "brace-expansion", + "version": "1.1.11", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "type": "library", + "bom-ref": "pkg:npm/brace-expansion@1.1.11", + "properties": [ + { 
+ "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "balanced-match", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" + } + ], + "purl": "pkg:npm/balanced-match@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/balanced-match@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "concat-map", + "version": "0.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" + } + ], + "purl": "pkg:npm/concat-map@0.0.1", + "type": "library", + "bom-ref": "pkg:npm/concat-map@0.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "pstree.remy", + "version": "1.1.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "efb0d9c31426c4a9eedda479e3653e5fc172a4dcdb7c9f82e57403937b968d6c67eb5e75688306b615984574ea4f5139a09be0fa58da6b63898be55fbc2390f3" + } + ], + "purl": "pkg:npm/pstree.remy@1.1.8", + "type": "library", + "bom-ref": "pkg:npm/pstree.remy@1.1.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "semver", + "version": "7.5.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5b09211257a3effa2db51efa71a770f1fa9483f2520fb7cb958d1af1014b7f9dbb3061cfad2ba6366ed8942e3778f9f9ead793d7fa7a900c2ece7eded693070" + } + ], + "purl": 
"pkg:npm/semver@7.5.4", + "type": "library", + "bom-ref": "pkg:npm/semver@7.5.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "lru-cache", + "version": "6.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "268e9d274e029928eece7c09492de951e5a677f1f47df4e59175e0c198be7aad540a6a90c0287e78bb183980b063df758b615a878875044302c78a938466ec88" + } + ], + "purl": "pkg:npm/lru-cache@6.0.0", + "type": "library", + "bom-ref": "pkg:npm/lru-cache@6.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "yallist", + "version": "4.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "df074689d672ab93c1d3ce172c44b94e9392440df08d7025216321ba6da445cbffe354a7d9e990d1dc9c416e2e6572de8f02af83a12cbdb76554bf8560472dec" + } + ], + "purl": "pkg:npm/yallist@4.0.0", + "type": "library", + "bom-ref": "pkg:npm/yallist@4.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "simple-update-notifier", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b607d6342a535797dbbfbec5bab1322ef6f184a5f2aedb0455ea5d47dd711ab3fd20508cc6cc1a0ffc8a2e4dc5106e6f495992c7dc23b1ca7d374d89456b1eb" + } + ], + "purl": "pkg:npm/simple-update-notifier@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/simple-update-notifier@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "supports-color", + "version": "5.5.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "type": "library", + "bom-ref": "pkg:npm/supports-color@5.5.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-flag", + "version": "3.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "type": "library", + "bom-ref": "pkg:npm/has-flag@3.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "touch", + "version": "3.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "581c7c532e532ed39246d22af8cd37fec283ad708b1f1c0372ab923f6738dcb7b4dfff6c7ab8d0048ced8d1cfa16425ecfd0ff8657b20174c118bc30654c3d94" + } + ], + "purl": "pkg:npm/touch@3.1.0", + "type": "library", + "bom-ref": "pkg:npm/touch@3.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "nopt", + "version": "1.0.10", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3569a9bcb4aa52b82b002f470aec44bdbf8f4a5a07a6a56ef85a9c3b879e176879a9846103b7afe8abde9724002ad7a051b0ba472a499e510e85df2f96834a62" + } + ], + "purl": "pkg:npm/nopt@1.0.10", + "type": "library", + "bom-ref": "pkg:npm/nopt@1.0.10", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "abbrev", + "version": "1.1.1", + 
"scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e77bdfc8890fe1cc8858ea97439db06dcfb0e33d32ab634d0fff3bcf4a6e69385925eb1b86ac69d79ff56d4cd35f36d01f67dff546d7a192ccd4f6a7138a2d1" + } + ], + "purl": "pkg:npm/abbrev@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/abbrev@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "undefsafe", + "version": "2.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5b138d0abb2c04cf1348f46a379126b2356bb2fe00f17d7627802b06289acafdc3cb21b7665220eb2cacbae498759b15cf74ca7138367ddfff52377808757588" + } + ], + "purl": "pkg:npm/undefsafe@2.0.5", + "type": "library", + "bom-ref": "pkg:npm/undefsafe@2.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + } + ], + "services": [], + "dependencies": [ + { + "ref": "pkg:npm/object-assign@4.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/vary@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/cors@2.8.5", + "dependsOn": [ + "pkg:npm/object-assign@4.1.1", + "pkg:npm/vary@1.1.2" + ] + }, + { + "ref": "pkg:npm/mime-db@1.52.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mime-types@2.1.35", + "dependsOn": [ + "pkg:npm/mime-db@1.52.0" + ] + }, + { + "ref": "pkg:npm/negotiator@0.6.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/accepts@1.3.8", + "dependsOn": [ + "pkg:npm/mime-types@2.1.35", + "pkg:npm/negotiator@0.6.3" + ] + }, + { + "ref": "pkg:npm/array-flatten@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/bytes@3.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/content-type@1.0.5", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/debug@2.6.9", + "dependsOn": [ + "pkg:npm/ms@2.0.0" + ] + }, + { + "ref": "pkg:npm/depd@2.0.0", + "dependsOn": [] + }, + { + 
"ref": "pkg:npm/destroy@1.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/inherits@2.0.4", + "dependsOn": [] + }, + { + "ref": "pkg:npm/setprototypeof@1.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/statuses@2.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/toidentifier@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/http-errors@2.0.0", + "dependsOn": [ + "pkg:npm/depd@2.0.0", + "pkg:npm/inherits@2.0.4", + "pkg:npm/setprototypeof@1.2.0", + "pkg:npm/statuses@2.0.1", + "pkg:npm/toidentifier@1.0.1" + ] + }, + { + "ref": "pkg:npm/safer-buffer@2.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/iconv-lite@0.4.24", + "dependsOn": [ + "pkg:npm/safer-buffer@2.1.2" + ] + }, + { + "ref": "pkg:npm/ee-first@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/on-finished@2.4.1", + "dependsOn": [ + "pkg:npm/ee-first@1.1.1" + ] + }, + { + "ref": "pkg:npm/function-bind@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/has-proto@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/has-symbols@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/hasown@2.0.0", + "dependsOn": [ + "pkg:npm/function-bind@1.1.2" + ] + }, + { + "ref": "pkg:npm/get-intrinsic@1.2.2", + "dependsOn": [ + "pkg:npm/function-bind@1.1.2", + "pkg:npm/has-proto@1.0.1", + "pkg:npm/has-symbols@1.0.3", + "pkg:npm/hasown@2.0.0" + ] + }, + { + "ref": "pkg:npm/gopd@1.0.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2" + ] + }, + { + "ref": "pkg:npm/has-property-descriptors@1.0.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2" + ] + }, + { + "ref": "pkg:npm/define-data-property@1.1.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/gopd@1.0.1", + "pkg:npm/has-property-descriptors@1.0.1" + ] + }, + { + "ref": "pkg:npm/set-function-length@1.1.1", + "dependsOn": [ + "pkg:npm/define-data-property@1.1.1", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/gopd@1.0.1", + "pkg:npm/has-property-descriptors@1.0.1" + ] + }, + { + "ref": "pkg:npm/call-bind@1.0.5", + "dependsOn": [ + 
"pkg:npm/function-bind@1.1.2", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/set-function-length@1.1.1" + ] + }, + { + "ref": "pkg:npm/object-inspect@1.13.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/side-channel@1.0.4", + "dependsOn": [ + "pkg:npm/call-bind@1.0.5", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/object-inspect@1.13.1" + ] + }, + { + "ref": "pkg:npm/qs@6.11.0", + "dependsOn": [ + "pkg:npm/side-channel@1.0.4" + ] + }, + { + "ref": "pkg:npm/unpipe@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/raw-body@2.5.1", + "dependsOn": [ + "pkg:npm/bytes@3.1.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/iconv-lite@0.4.24", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/media-typer@0.3.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/type-is@1.6.18", + "dependsOn": [ + "pkg:npm/media-typer@0.3.0", + "pkg:npm/mime-types@2.1.35" + ] + }, + { + "ref": "pkg:npm/body-parser@1.20.1", + "dependsOn": [ + "pkg:npm/bytes@3.1.2", + "pkg:npm/content-type@1.0.5", + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/destroy@1.2.0", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/iconv-lite@0.4.24", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/qs@6.11.0", + "pkg:npm/raw-body@2.5.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/safe-buffer@5.2.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/content-disposition@0.5.4", + "dependsOn": [ + "pkg:npm/safe-buffer@5.2.1" + ] + }, + { + "ref": "pkg:npm/cookie@0.5.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/cookie-signature@1.0.6", + "dependsOn": [] + }, + { + "ref": "pkg:npm/encodeurl@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/escape-html@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/etag@1.8.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/parseurl@1.3.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/finalhandler@1.2.0", + "dependsOn": [ + "pkg:npm/debug@2.6.9", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/on-finished@2.4.1", + 
"pkg:npm/parseurl@1.3.3", + "pkg:npm/statuses@2.0.1", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/fresh@0.5.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/merge-descriptors@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/methods@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/path-to-regexp@0.1.7", + "dependsOn": [] + }, + { + "ref": "pkg:npm/forwarded@0.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ipaddr.js@1.9.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/proxy-addr@2.0.7", + "dependsOn": [ + "pkg:npm/forwarded@0.2.0", + "pkg:npm/ipaddr.js@1.9.1" + ] + }, + { + "ref": "pkg:npm/range-parser@1.2.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.1.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mime@1.6.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/send@0.18.0", + "dependsOn": [ + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/destroy@1.2.0", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/etag@1.8.1", + "pkg:npm/fresh@0.5.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/mime@1.6.0", + "pkg:npm/ms@2.1.3", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/range-parser@1.2.1", + "pkg:npm/statuses@2.0.1" + ] + }, + { + "ref": "pkg:npm/serve-static@1.15.0", + "dependsOn": [ + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/parseurl@1.3.3", + "pkg:npm/send@0.18.0" + ] + }, + { + "ref": "pkg:npm/utils-merge@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/express@4.18.2", + "dependsOn": [ + "pkg:npm/accepts@1.3.8", + "pkg:npm/array-flatten@1.1.1", + "pkg:npm/body-parser@1.20.1", + "pkg:npm/content-disposition@0.5.4", + "pkg:npm/content-type@1.0.5", + "pkg:npm/cookie-signature@1.0.6", + "pkg:npm/cookie@0.5.0", + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/etag@1.8.1", + "pkg:npm/finalhandler@1.2.0", + "pkg:npm/fresh@0.5.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/merge-descriptors@1.0.1", + 
"pkg:npm/methods@1.1.2", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/parseurl@1.3.3", + "pkg:npm/path-to-regexp@0.1.7", + "pkg:npm/proxy-addr@2.0.7", + "pkg:npm/qs@6.11.0", + "pkg:npm/range-parser@1.2.1", + "pkg:npm/safe-buffer@5.2.1", + "pkg:npm/send@0.18.0", + "pkg:npm/serve-static@1.15.0", + "pkg:npm/setprototypeof@1.2.0", + "pkg:npm/statuses@2.0.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/utils-merge@1.0.1", + "pkg:npm/vary@1.1.2" + ] + }, + { + "ref": "pkg:npm/fs@0.0.1-security", + "dependsOn": [] + }, + { + "ref": "pkg:npm/append-field@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/streamsearch@1.1.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/busboy@1.6.0", + "dependsOn": [ + "pkg:npm/streamsearch@1.1.0" + ] + }, + { + "ref": "pkg:npm/buffer-from@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/safe-buffer@5.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/core-util-is@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/isarray@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/process-nextick-args@2.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/string_decoder@1.1.1", + "dependsOn": [ + "pkg:npm/safe-buffer@5.1.2" + ] + }, + { + "ref": "pkg:npm/util-deprecate@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/readable-stream@2.3.8", + "dependsOn": [ + "pkg:npm/core-util-is@1.0.3", + "pkg:npm/inherits@2.0.4", + "pkg:npm/isarray@1.0.0", + "pkg:npm/process-nextick-args@2.0.1", + "pkg:npm/safe-buffer@5.1.2", + "pkg:npm/string_decoder@1.1.1", + "pkg:npm/util-deprecate@1.0.2" + ] + }, + { + "ref": "pkg:npm/typedarray@0.0.6", + "dependsOn": [] + }, + { + "ref": "pkg:npm/concat-stream@1.6.2", + "dependsOn": [ + "pkg:npm/buffer-from@1.1.2", + "pkg:npm/inherits@2.0.4", + "pkg:npm/readable-stream@2.3.8", + "pkg:npm/typedarray@0.0.6" + ] + }, + { + "ref": "pkg:npm/minimist@1.2.8", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mkdirp@0.5.6", + "dependsOn": [ + "pkg:npm/minimist@1.2.8" + ] + }, + { + "ref": "pkg:npm/xtend@4.0.2", + "dependsOn": [] + 
}, + { + "ref": "pkg:npm/multer@1.4.5-lts.1", + "dependsOn": [ + "pkg:npm/append-field@1.0.0", + "pkg:npm/busboy@1.6.0", + "pkg:npm/concat-stream@1.6.2", + "pkg:npm/mkdirp@0.5.6", + "pkg:npm/object-assign@4.1.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/xtend@4.0.2" + ] + }, + { + "ref": "pkg:npm/readable-stream@2.3.7", + "dependsOn": [ + "pkg:npm/core-util-is@1.0.3", + "pkg:npm/inherits@2.0.4", + "pkg:npm/isarray@1.0.0", + "pkg:npm/process-nextick-args@2.0.1", + "pkg:npm/string_decoder@1.1.1", + "pkg:npm/util-deprecate@1.0.2" + ] + }, + { + "ref": "pkg:npm/bignumber.js@9.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/sqlstring@2.3.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mysql@2.18.1", + "dependsOn": [ + "pkg:npm/bignumber.js@9.0.0", + "pkg:npm/readable-stream@2.3.7", + "pkg:npm/safe-buffer@5.1.2", + "pkg:npm/sqlstring@2.3.1" + ] + }, + { + "ref": "pkg:npm/debug@4.3.4", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/normalize-path@3.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/picomatch@2.3.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/anymatch@3.1.3", + "dependsOn": [ + "pkg:npm/normalize-path@3.0.0", + "pkg:npm/picomatch@2.3.1" + ] + }, + { + "ref": "pkg:npm/is-number@7.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/to-regex-range@5.0.1", + "dependsOn": [ + "pkg:npm/is-number@7.0.0" + ] + }, + { + "ref": "pkg:npm/fill-range@7.0.1", + "dependsOn": [ + "pkg:npm/to-regex-range@5.0.1" + ] + }, + { + "ref": "pkg:npm/braces@3.0.2", + "dependsOn": [ + "pkg:npm/fill-range@7.0.1" + ] + }, + { + "ref": "pkg:npm/is-extglob@2.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/is-glob@4.0.3", + "dependsOn": [ + "pkg:npm/is-extglob@2.1.1" + ] + }, + { + "ref": "pkg:npm/glob-parent@5.1.2", + "dependsOn": [ + "pkg:npm/is-glob@4.0.3" + ] + }, + { + "ref": "pkg:npm/binary-extensions@2.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/is-binary-path@2.1.0", + "dependsOn": [ + 
"pkg:npm/binary-extensions@2.2.0" + ] + }, + { + "ref": "pkg:npm/readdirp@3.6.0", + "dependsOn": [ + "pkg:npm/picomatch@2.3.1" + ] + }, + { + "ref": "pkg:npm/fsevents@2.3.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/chokidar@3.5.3", + "dependsOn": [ + "pkg:npm/anymatch@3.1.3", + "pkg:npm/braces@3.0.2", + "pkg:npm/fsevents@2.3.3", + "pkg:npm/glob-parent@5.1.2", + "pkg:npm/is-binary-path@2.1.0", + "pkg:npm/is-glob@4.0.3", + "pkg:npm/normalize-path@3.0.0", + "pkg:npm/readdirp@3.6.0" + ] + }, + { + "ref": "pkg:npm/ignore-by-default@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/balanced-match@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/concat-map@0.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/brace-expansion@1.1.11", + "dependsOn": [ + "pkg:npm/balanced-match@1.0.2", + "pkg:npm/concat-map@0.0.1" + ] + }, + { + "ref": "pkg:npm/minimatch@3.1.2", + "dependsOn": [ + "pkg:npm/brace-expansion@1.1.11" + ] + }, + { + "ref": "pkg:npm/pstree.remy@1.1.8", + "dependsOn": [] + }, + { + "ref": "pkg:npm/yallist@4.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/lru-cache@6.0.0", + "dependsOn": [ + "pkg:npm/yallist@4.0.0" + ] + }, + { + "ref": "pkg:npm/semver@7.5.4", + "dependsOn": [ + "pkg:npm/lru-cache@6.0.0" + ] + }, + { + "ref": "pkg:npm/simple-update-notifier@2.0.0", + "dependsOn": [ + "pkg:npm/semver@7.5.4" + ] + }, + { + "ref": "pkg:npm/has-flag@3.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/supports-color@5.5.0", + "dependsOn": [ + "pkg:npm/has-flag@3.0.0" + ] + }, + { + "ref": "pkg:npm/abbrev@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/nopt@1.0.10", + "dependsOn": [ + "pkg:npm/abbrev@1.1.1" + ] + }, + { + "ref": "pkg:npm/touch@3.1.0", + "dependsOn": [ + "pkg:npm/nopt@1.0.10" + ] + }, + { + "ref": "pkg:npm/undefsafe@2.0.5", + "dependsOn": [] + }, + { + "ref": "pkg:npm/nodemon@3.0.2", + "dependsOn": [ + "pkg:npm/chokidar@3.5.3", + "pkg:npm/debug@4.3.4", + "pkg:npm/ignore-by-default@1.0.1", + "pkg:npm/minimatch@3.1.2", + 
"pkg:npm/ms@2.1.2", + "pkg:npm/pstree.remy@1.1.8", + "pkg:npm/semver@7.5.4", + "pkg:npm/simple-update-notifier@2.0.0", + "pkg:npm/supports-color@5.5.0", + "pkg:npm/touch@3.1.0", + "pkg:npm/undefsafe@2.0.5" + ] + }, + { + "ref": "pkg:npm/server@1.0.0", + "dependsOn": [ + "pkg:npm/cors@2.8.5", + "pkg:npm/express@4.18.2", + "pkg:npm/fs@0.0.1-security", + "pkg:npm/multer@1.4.5-lts.1", + "pkg:npm/mysql@2.18.1", + "pkg:npm/nodemon@3.0.2" + ] + } + ], + "vulnerabilities": [ + { + "bom-ref": "CVE-2014-6496/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6496", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6496" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3810/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3810", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3810" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability 
via unknown vectors related to XA Transactions.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5860/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5860", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5860" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3795/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3795", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3795" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in 
Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3796/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3796", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3796" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4910/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4910", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4910" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4913/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4913", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4913" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6491/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6491", + "source": { + "name": 
"NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6491" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4858/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4858", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4858" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": 
"Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4861/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4861", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4861" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4000/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4000", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4000" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4772/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4772", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4772" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-1861/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-1861", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1861" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 
geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3783/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3783", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3783" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0507/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0507", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0507" + }, + "ratings": [ + { + 
"score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3569/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3569", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3569" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.\tNOTE: this issue became relevant after the CVE-2014-3568 fix.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + 
"name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0386/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0386", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0386" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0393/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0393", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0393" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", 
+ "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2576/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2576", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2576" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0405/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0405", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0405" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", 
\"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2430/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2430", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2430" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2431/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2431", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2431" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + 
"analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6463/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6463", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6463" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6464/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6464", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6464" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability 
via vectors related to SERVER:INNODB DML FOREIGN KEYS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0616/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0616", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0616" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6500/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6500", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6500" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + 
"description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0501/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0501", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0501" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6520/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6520", + "source": { + "name": 
"NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6520" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4730/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4730", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4730" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4766/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2015-4766", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4766" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4792/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4792", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4792" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + 
}, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2442/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2442", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2442" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2444/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2444", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2444" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + 
"properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0505/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0505" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0546/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0546", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0546" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client.\tNOTE: the previous information is from the January 2016 CPU. 
Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4243/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4243", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4243" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5894/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5894", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5894" + 
}, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-1789/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-1789", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1789" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { 
+ "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-1793/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-1793", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1793" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0508/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0508", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0508" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + 
"detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0411/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0411", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0411" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0423/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0423", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0423" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + 
"recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2419/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2419", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2419" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3798/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3798", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3798" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows 
remote attackers to affect integrity and availability via unknown vectors related to MemCached.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2617/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2617", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2617" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2620/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2620", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2620" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + 
"description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3811/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3811", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3811" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3812/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3812", + "source": { + "name": "NVD", + 
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3812" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0206/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0206", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0206" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0374/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0374", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0374" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-9843/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-9843", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9843" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", + "recommendation": "Update to 5.5.62-0.39.18.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + 
}, + { + "version": "5.5.62-0.39.18.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3133/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3133", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3133" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.62-0.39.18.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.62-0.39.18.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0427/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0427", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0427" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4769/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4769", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4769" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 
Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4771/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4771", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4771" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0409/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0409", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0409" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0401/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0401", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0401" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3809/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3809", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2013-3809" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2639/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2639", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2639" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + 
"bom-ref": "CVE-2015-2641/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2641" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2643/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2643", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2643" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + 
"value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6474/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6474", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6474" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5908/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5908", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5908" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": 
"5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0001/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0001", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0001" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2438/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2438", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2438" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + 
"ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0430/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0430", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0430" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4287/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4287", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4287" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + 
"detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4258/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4258", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4258" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4260/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4260", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4260" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect 
integrity and availability via vectors related to SRCHAR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4815/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4815", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4815" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4816/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4816", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4816" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle 
MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0433/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0433", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0433" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3806/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3806", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3806" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } 
+ ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0511/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0511", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0511" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2305/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2305", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-2305" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0441/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0441", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0441" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + 
"name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6568/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6568", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6568" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-8275/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-8275", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8275" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": 
"in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2432/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2432", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2432" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4207/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4207", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4207" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.", + 
"recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0432/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0432", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0432" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0640/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0640", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0640" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and 
MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0641/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0641" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0381/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0381", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-0381" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2451/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2451", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2451" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, 
+ { + "bom-ref": "CVE-2017-3453/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3453", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3453" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3456/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3456", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3456" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. 
Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3461/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3461", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3461" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0650/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0650", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0650" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0651/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0651", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0651" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + 
], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2023-21977/pkg:npm/mysql@2.18.1", + "id": "CVE-2023-21977", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21977" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://www.oracle.com/security-alerts/cpuapr2023.html" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5881/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5881", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5881" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5882/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5882", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5882" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + 
"cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5584/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5584", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5584" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-6662/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-6662", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2016-6662" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2566/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2566", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2566" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + 
"detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2434/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2434", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2434" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4830/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4830", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4830" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 
5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4833/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4833", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4833" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4836/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4836", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4836" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect 
availability via unknown vectors related to Server : SP.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-4316/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-4316", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4316" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5891/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5891", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5891" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 
5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6478/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6478", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6478" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6484/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6484", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6484" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + 
"description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-3152/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-3152", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3152" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a \"BACKRONYM\" attack.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4737/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4737", + "source": { 
+ "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4737" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0600/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0600", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0600" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + 
"value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0606/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0606", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0606" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3651/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3651", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3651" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. 
CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3652/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3652", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3652" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0204/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0204", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0204" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue.\tNOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2015-4819/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4819", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4819" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4826/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4826", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4826" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2484/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2484", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2484" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2494/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2494", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2494" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { 
+ "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0666/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0666", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0666" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-2047/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-2047", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2047" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName 
field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"/CN=\" string in a field in a certificate, as demonstrated by \"/OU=/CN=bar.com/CN=foo.com.\"", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3571/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3571", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3571" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" 
+ } + ] + }, + { + "bom-ref": "CVE-2014-3572/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3572", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3572" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3615/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3615", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3615" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + 
"version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5440/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5440" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5615/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5615", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5615" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.", + 
"recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3305/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3305", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3305" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. 
Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, \"The Riddle\".", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3308/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3308", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3308" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0608/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0608", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0608" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0609/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0609", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0609" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], 
+ "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0498/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0498", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0498" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10268/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10268", + "source": { + "name": "NVD", 
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10268" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10378/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10378", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10378" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6489/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6489", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6489" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0412/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0412", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2014-0412" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0420/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0420", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0420" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6551/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6551", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6551" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6555/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6555", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6555" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } 
+ ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0647/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0647", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0647" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0648/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0648" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", 
\"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0649/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0649", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0649" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2567/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2567", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2567" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": 
"Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6530/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6530", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6530" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3061/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3061", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3061" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: 
DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3725-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3238/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3238", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3238" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3243/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3243", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3243" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 4.4 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0505/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0505" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0506/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0506", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0506" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and 
earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2020-14672/pkg:npm/mysql@2.18.1", + "id": "CVE-2020-14672", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14672" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\nThe following packages have been upgraded to a later upstream version: mysql (8.0.26). 
(BZ#1996693)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "recommendation": "Update to 8.0.26 or later", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35629.json" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "8.0.26", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5611/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5611", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5611" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5612/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5612", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5612" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5613/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5613", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5613" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have 
administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3653/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3653", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3653" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0438/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0438", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0438" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0439/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0439", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0439" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 
Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3313/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3313", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3313" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. 
CVSS v3.0 Base Score 4.7 (Confidentiality impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3317/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3317", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3317" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 4.0 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4240/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4240", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4240" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6469/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6469", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6469" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 
5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3805/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3805", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3805" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10379/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10379", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10379" + }, + "ratings": [ + { + "score": 7.5, + "severity": 
"high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10384/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10384", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10384" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3291/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3291", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3291" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. 
CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3312/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3312", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3312" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. 
CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3318/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3318", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3318" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. 
CVSS v3.0 Base Score 4.0 (Confidentiality impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0384/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0384", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0384" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4866/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4866", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4866" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle 
MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4870/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4870", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4870" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0503/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0503", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0503" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": 
"CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0431/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0431", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0431" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0433/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0433", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2014-0433" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2582/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2582", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2582" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2015-2611/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2611", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2611" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3794/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3794", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3794" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + 
"name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0286/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0286", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0286" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0288/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0288", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0288" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + 
"state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2648/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2648" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2661/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2661", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2661" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.", + "recommendation": "Update to 5.5.45-0.11.1 or 
later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0596/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0596", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0596" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0597/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0597", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0597" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 
5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0598/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0598", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0598" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3244/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3244", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2017-3244" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3258/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3258", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3258" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3265/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3265", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3265" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3309/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3309", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3309" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3329/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3329", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3329" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4800/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4800", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4800" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4802/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4802", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4802" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 
Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-7440/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-7440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7440" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3570/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3570", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3570" + 
}, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3477/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3477", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3477" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", 
+ "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3521/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3521", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3521" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4274/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4274", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4274" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4233/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4233", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4233" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4238/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4238", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4238" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": 
[], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0385/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0385", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0385" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0391/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0391", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0391" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", + 
"recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4895/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4895", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4895" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4904/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4904", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4904" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect 
availability via unknown vectors related to libmysqld.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4905/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4905", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4905" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4879/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4879", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4879" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and 
earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4890/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4890", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4890" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0644/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0644", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0644" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": 
"CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0646/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0646", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0646" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2014-6564/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6564", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6564" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0642/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0642", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0642" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct 
dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0643/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0643", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0643" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3807/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3807", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3807" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + 
"status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3808/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3808", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3808" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0402/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0402", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0402" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": 
"Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4752/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4752", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4752" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4756/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4756", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4756" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0439.", + 
"recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-0735/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-0735", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735" + }, + "ratings": [ + { + "score": 5.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [ + 327 + ], + "description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", + "recommendation": "", + "advisories": [ + { + "title": "Mailing List", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" + }, + { + "title": "vendor", + "url": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "title": "Debian Security", + "url": "https://www.debian.org/security/2018/dsa-4348" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3840-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2435/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2435", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2435" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2436/pkg:npm/mysql@2.18.1", + 
"id": "CVE-2014-2436", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2436" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0382/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0382", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0382" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + 
"value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4862/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4862", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4862" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4864/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4864", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4864" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": 
"unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0499/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0499", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0499" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0500/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0500", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0500" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": 
"affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5483/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5483", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5483" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "** REJECT **\tDO NOT USE THIS CANDIDATE NUMBER.\tConsultIDs: CVE-2017-3600.\tReason: This candidate is a reservation duplicate of CVE-2017-3600.\tNotes: All CVE users should reference CVE-2017-3600 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3302/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3302", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3302" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + 
"state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-7744/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-7744", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7744" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0502/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0502", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0502" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 
5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3802/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3802", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3802" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3804/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3804", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3804" + }, + "ratings": [ + { + 
"score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6494/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6494", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6494" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + 
"bom-ref": "CVE-2014-6495/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6495", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6495" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0205/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0205", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0205" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", 
+ "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3071/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3071", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3071" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3725-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3462/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3462", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3462" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3463/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3463", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3463" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6559/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6559", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6559" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0437/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0437", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0437" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability 
in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4757/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4757", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4757" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4761/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4761", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4761" + 
}, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4767/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4767", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4767" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2014-2450/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2450", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2450" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3635/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3635", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3635" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). 
Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html,\thttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and\thttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3636/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3636", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3636" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2011-2262/pkg:npm/mysql@2.18.1", + "id": "CVE-2011-2262", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2262" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Package updates are available for Amazon Linux that fix the following vulnerabilities:\nCVE-2012-0492:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783817: \nCVE-2012-0492 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0490:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783815: \nCVE-2012-0490 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0485:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783809: \nCVE-2012-0485 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0484:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783808: \nCVE-2012-0484 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality\n\nCVE-2012-0120:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783807: \nCVE-2012-0120 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0119:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783806: \nCVE-2012-0119 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0118:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783805: \nCVE-2012-0118 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability\n\nCVE-2012-0116:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783803: \nCVE-2012-0116 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and integrity\n\nCVE-2012-0115:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783802: \nCVE-2012-0115 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0114:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783801: \nCVE-2012-0114 mysql: Unspecified vulnerability allows local users to affect confidentiality and integrity\n\nCVE-2012-0113:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783800: \nCVE-2012-0113 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability\n\nCVE-2012-0112:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783799: \nCVE-2012-0112 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0101:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783797: \nCVE-2012-0101 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0087:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783795: \nCVE-2012-0087 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0075:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n\nCVE-2011-2262:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.", + "recommendation": "Update to 5.1.61 or later", + "advisories": [ + { + "title": "vendor", + "url": "https://rhn.redhat.com/errata/RHSA-2012:0105.html" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.1.61", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2021-35065/pkg:npm/glob-parent@5.1.2", + "id": "CVE-2021-35065", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The glob-parent package before 6.0.1 for Node.js allows ReDoS regular ...\nNOTE: https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339 (v6.0.1)\nNOTE: https://github.com/gulpjs/glob-parent/pull/49", + "recommendation": "Update to 6.0.2+~5.1.1-1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/chokidar@3.5.3\", \"pkg:npm/glob-parent@5.1.2\"]" + }, + "affects": [ + { + "ref": "pkg:npm/glob-parent@5.1.2", + "versions": [ + { + "version": "5.1.2", + "status": "affected" + }, + { + "version": "6.0.2+~5.1.1-1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Indirect dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2440/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2440", + "source": { + 
"name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2440" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2568/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2568", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2568" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2571/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2571", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2571" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6505/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6505" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } 
+ ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6507/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6507", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6507" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0224/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0224", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0224" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + 
"advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-18589/pkg:npm/cookie@0.5.0", + "id": "CVE-2017-18589", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18589" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [ + 20 + ], + "description": "# Improper Input Validation in cookie\nAffected versions of this crate use the time crate and the method Duration::seconds to parse the Max-Age duration cookie setting. This method will panic if the value is greater than 2^64/1000 and less than or equal to 2^64, which can result in denial of service for a client or server.\n\nThis flaw was corrected by explicitly checking for the Max-Age being in this integer range and clamping the value to the maximum duration value.\n\n## Related CVE(s)\nCVE-2017-18589, RUSTSEC-2017-0005", + "recommendation": "Update to 0.7.6 or later", + "advisories": [ + { + "title": "GitHub PR", + "url": "https://github.com/SergioBenitez/cookie-rs/pull/86" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/express@4.18.2\", \"pkg:npm/cookie@0.5.0\"]" + }, + "affects": [ + { + "ref": "pkg:npm/cookie@0.5.0", + "versions": [ + { + "version": "0.5.0", + "status": "affected" + }, + { + "version": "0.7.6", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Indirect dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2013-3793/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3793", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3793" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3464/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3464", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3464" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3600/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3600", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3600" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3801/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3801", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3801" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4214/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4214", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4214" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified 
vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2023-49803/pkg:npm/cors@2.8.5", + "id": "CVE-2023-49803", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49803" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "# Overly permissive origin policy\nCurrently, the middleware operates in a way that if an allowed origin is not provided, it will return an `Access-Control-Allow-Origin` header with the value of the origin from the request. 
This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy (SOP), this could cause a very serious security threat to the users of this middleware.\n\nIf such behavior is expected, for instance, when middleware is used exclusively for prototypes and not for production applications, it should be heavily emphasized in the documentation along with an indication of the risks associated with such behavior, as many users may not be aware of it.", + "recommendation": "Update to 5.0.0 or later", + "advisories": [ + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-qxrj-hx23-xp82" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/cors@2.8.5\"]" + }, + "affects": [ + { + "ref": "pkg:npm/cors@2.8.5", + "versions": [ + { + "version": "2.8.5", + "status": "affected" + }, + { + "version": "5.0.0", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2573/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2573", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2573" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + 
} + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2021-2478/pkg:npm/mysql@2.18.1", + "id": "CVE-2021-2478", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-2478" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.30).\n\nSecurity Fix(es):\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607, CVE-2022-21301, CVE-2022-21413)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2021-2481, CVE-2021-35575, CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21253, CVE-2022-21254, CVE-2022-21264, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342, CVE-2022-21351, CVE-2022-21370, CVE-2022-21378, CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479, CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21569, CVE-2022-21265)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2021-35546, CVE-2022-21344, CVE-2022-21415)\n\n* mysql: Server: Error Handling unspecified vulnerability (CVE-2021-35596)\n\n* mysql: C API unspecified 
vulnerability (CVE-2021-35597)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2021-35602, CVE-2021-35630, CVE-2022-21515)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2021-35604, CVE-2022-21302, CVE-2022-21348, CVE-2022-21352, CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21517, CVE-2022-21537, CVE-2022-21539, CVE-2022-21423)\n\n* mysql: Server: Group Replication Plugin multiple unspecified vulnerabilities (CVE-2021-35608, CVE-2022-21256, CVE-2022-21379, CVE-2022-21454)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2021-35622, CVE-2022-21358, CVE-2022-21372, CVE-2022-21538)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2021-35624, CVE-2022-21245, CVE-2021-35625)\n\n* mysql: Server: GIS unspecified vulnerability (CVE-2021-35631)\n\n* mysql: Server: Data Dictionary unspecified vulnerability (CVE-2021-35632)\n\n* mysql: Server: PS unspecified vulnerability (CVE-2021-35637)\n\n* mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CVE-2021-35639, CVE-2022-21303, CVE-2022-21522, CVE-2022-21534)\n\n* mysql: Server: FTS multiple unspecified vulnerabilities (CVE-2021-35648, CVE-2022-21427)\n\n* mysql: Server: Federated multiple unspecified vulnerabilities (CVE-2022-21270, CVE-2022-21547)\n\n* mysql: Server: Parser unspecified vulnerability (CVE-2022-21304)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2022-21362, CVE-2022-21374)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2022-21367)\n\n* mysql: Server: Components Services unspecified vulnerability (CVE-2022-21368)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2022-21425, CVE-2022-21444, CVE-2021-35640, CVE-2022-21249)\n\n* mysql: Server: PAM Auth Plugin unspecified vulnerability (CVE-2022-21457)\n\n* mysql: Server: Logging multiple unspecified vulnerabilities (CVE-2022-21460, CVE-2021-35633)\n\n* mysql: Server: 
Security: Roles unspecified vulnerability (CVE-2021-35623)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Rebuild mecab due to change in the suffix (from .el8 to .el8.0.0) [Rocky Linux-8] (BZ#2110940)", + "recommendation": "Update to 8.0.30 or later", + "advisories": [ + { + "title": "vendor", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122604" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "8.0.30", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3641/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3641" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3648/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3648" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + } + ] +} \ No newline at end of file diff --git a/server/reports/report_20231220090437227.json b/server/reports/report_20231220090437227.json new file mode 100644 index 000000000..acc5248a3 --- /dev/null +++ b/server/reports/report_20231220090437227.json 
@@ -0,0 +1,15601 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:ee7c031b-a392-4c34-804e-b1e93f06a363", + "version": 2, + "metadata": { + "timestamp": "2023-12-20T09:04:33.924Z", + "tools": { + "components": [ + { + "group": "@cyclonedx", + "name": "cdxgen", + "version": "9.9.6", + "purl": "pkg:npm/%40cyclonedx/cdxgen@9.9.6", + "type": "application", + "bom-ref": "pkg:npm/@cyclonedx/cdxgen@9.9.6", + "author": "OWASP Foundation", + "publisher": "OWASP Foundation" + }, + { + "type": "application", + "name": "owasp-depscan", + "version": "5.0.4", + "purl": "pkg:pypi/owasp-depscan@5.0.4", + "bom-ref": "pkg:pypi/owasp-depscan@5.0.4" + } + ] + }, + "authors": [ + { + "name": "OWASP Foundation" + } + ], + "component": { + "author": "", + "group": "", + "name": "server", + "version": "1.0.0", + "type": "application", + "purl": "pkg:npm/server@1.0.0", + "bom-ref": "pkg:npm/server@1.0.0", + "components": [] + } + }, + "components": [ + { + "group": "", + "name": "cors", + "version": "2.8.5", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "2881db2c9aaeef7446aff8676eb3bdb817a2c4d1aebd2423ba5fe3745bd2fca152207d615957759e0ef3387c7e62b11f2272c6eeae27e861d0f5c0edc6ffcfea" + } + ], + "purl": "pkg:npm/cors@2.8.5", + "type": "library", + "bom-ref": "pkg:npm/cors@2.8.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "cors" + } + ] + }, + { + "group": "", + "name": "object-assign", + "version": "4.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac98134279149c7d6c170f324fa552537cc3dec5a6bbab19848b1e63c557f8646edcfe85ec5bbe24d0e85df9251256cb2529dcdc55101d57b8714e618fe05c52" + } + ], + "purl": "pkg:npm/object-assign@4.1.1", + "type": "library", + "bom-ref": "pkg:npm/object-assign@4.1.1", + "properties": [ + { + "name": "SrcFile", + "value": 
"/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "vary", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" + } + ], + "purl": "pkg:npm/vary@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/vary@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "express", + "version": "4.18.2", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7f3ec2fa8863dd7d0fe528cd54ba27a5620bf7054a097f3d5a53053dbc767e27b832bf07505c510120421ac5e19fd0621cade013372044c6d6a58ac0dbb8ca9" + } + ], + "purl": "pkg:npm/express@4.18.2", + "type": "framework", + "bom-ref": "pkg:npm/express@4.18.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "express" + } + ] + }, + { + "group": "", + "name": "accepts", + "version": "1.3.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "type": "library", + "bom-ref": "pkg:npm/accepts@1.3.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime-types", + "version": "2.1.35", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" + } + ], + "purl": 
"pkg:npm/mime-types@2.1.35", + "type": "library", + "bom-ref": "pkg:npm/mime-types@2.1.35", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime-db", + "version": "1.52.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "type": "library", + "bom-ref": "pkg:npm/mime-db@1.52.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "negotiator", + "version": "0.6.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "type": "library", + "bom-ref": "pkg:npm/negotiator@0.6.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "array-flatten", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/array-flatten@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "body-parser", + "version": "1.20.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"8d68bb69b4db6306a33b2b56090737ed5ba599689169ee51c93a5a0b20dc4b9fe531db704b3e653a90c4ebbb2bc3f1d87b7e5fd73ddf0d0c3ededc60ee036d5b" + } + ], + "purl": "pkg:npm/body-parser@1.20.1", + "type": "library", + "bom-ref": "pkg:npm/body-parser@1.20.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "bytes", + "version": "3.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "type": "library", + "bom-ref": "pkg:npm/bytes@3.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "content-type", + "version": "1.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "type": "library", + "bom-ref": "pkg:npm/content-type@1.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "debug", + "version": "2.6.9", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "purl": "pkg:npm/debug@2.6.9", + "type": "library", + "bom-ref": "pkg:npm/debug@2.6.9", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": "2.0.0", + 
"scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "purl": "pkg:npm/ms@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/ms@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "depd", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" + } + ], + "purl": "pkg:npm/depd@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/depd@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "destroy", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/destroy@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "http-errors", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/http-errors@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "inherits", + "version": "2.0.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "93fbc6697e3f6256b75b3c8c0af4d039761e207bea38ab67a8176ecd31e9ce9419cc0b2428c859d8af849c189233dcc64a820578ca572b16b8758799210a9ec1" + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "type": "library", + "bom-ref": "pkg:npm/inherits@2.0.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "setprototypeof", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/setprototypeof@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "statuses", + "version": "2.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "type": "library", + "bom-ref": "pkg:npm/statuses@2.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "toidentifier", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/toidentifier@1.0.1", + "properties": [ + { + "name": "SrcFile", + 
"value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "iconv-lite", + "version": "0.4.24", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "type": "library", + "bom-ref": "pkg:npm/iconv-lite@0.4.24", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "safer-buffer", + "version": "2.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "type": "library", + "bom-ref": "pkg:npm/safer-buffer@2.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "on-finished", + "version": "2.4.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "type": "library", + "bom-ref": "pkg:npm/on-finished@2.4.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ee-first", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" + } + ], + "purl": 
"pkg:npm/ee-first@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/ee-first@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "qs", + "version": "6.11.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" + } + ], + "purl": "pkg:npm/qs@6.11.0", + "type": "library", + "bom-ref": "pkg:npm/qs@6.11.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "side-channel", + "version": "1.0.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab95cfcada85108287906762308ad8d749af2d1be7421e36ffe1a8065156ddbd8b5cb136c71269645766f78c1ed016a85774702721aa839c12edea714efd19bf" + } + ], + "purl": "pkg:npm/side-channel@1.0.4", + "type": "library", + "bom-ref": "pkg:npm/side-channel@1.0.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "call-bind", + "version": "1.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b79d0c5f159c45455a09a0628a23ccb730e128d76f4d43e160434f22c9ef8c938ccd65919d8dfb34e9b553afe0c14a503ae90d9511c3248bf71408fe127ab71" + } + ], + "purl": "pkg:npm/call-bind@1.0.5", + "type": "library", + "bom-ref": "pkg:npm/call-bind@1.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "function-bind", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" + } + ], + "purl": "pkg:npm/function-bind@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/function-bind@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "get-intrinsic", + "version": "1.2.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d204a8e2697fd23f7c637967824144a2dff386209e5ac6d822567eb993958332f22da530ef0c542fe9c24cfd1726f260d405ee949448dd4262f06b1b0eec5d18" + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.2", + "type": "library", + "bom-ref": "pkg:npm/get-intrinsic@1.2.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-proto", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "eea13e88ff8ef9b805f5c944e7e528045cc4eb99a5062563ded282ae5350d0e8309b4063a53fe02b84a52d80ccc9b0e1e48dd30932a73cf6b4a0c1bb24362b86" + } + ], + "purl": "pkg:npm/has-proto@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/has-proto@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-symbols", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/has-symbols@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + 
"name": "hasown", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd4a6d2954e920985c7332816e09d2f91b5cb98301f3ea0dccf2b6fc7a7785a9f3f099a90137669a02e049a69d5511240e6f9eda0887c18dd9464ca34880c314" + } + ], + "purl": "pkg:npm/hasown@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/hasown@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "set-function-length", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5686aa8db0492a25ad838c9170a050ee0ef09c69cb57733ca0bbd55b03a4d8f75863a3c415e811d6f7b35d1d2dc3a7d9185f5cb156a42118eb262cb6bde48115" + } + ], + "purl": "pkg:npm/set-function-length@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/set-function-length@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "define-data-property", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "13bb86913ce49357740722de49ce99b054bbf40c60fa6d4ffd5b2062cc47822b9cded1528fe323308c1ef74142e25380673341758ee490ed8fdb029db10d6f81" + } + ], + "purl": "pkg:npm/define-data-property@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/define-data-property@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "gopd", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" + } + ], + "purl": "pkg:npm/gopd@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/gopd@1.0.1", + "properties": [ + { + "name": 
"SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-property-descriptors", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "56c5fc79a21ec2f6acd319ef8a701ef5bc3859f21e383a466229225982c7f9d99ad09c3a28762a5a259f8509603952bc0fa3ef8ee6cae547383f488884870d56" + } + ], + "purl": "pkg:npm/has-property-descriptors@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/has-property-descriptors@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "object-inspect", + "version": "1.13.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" + } + ], + "purl": "pkg:npm/object-inspect@1.13.1", + "type": "library", + "bom-ref": "pkg:npm/object-inspect@1.13.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "raw-body", + "version": "2.5.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa241b44c95812d1998f19d0853d627716b7a8aaf1b83154259ff902805ece96af7921b3a9d3f056c8cc1b76d9f8553be433c63b921090d97824fed72b0978a" + } + ], + "purl": "pkg:npm/raw-body@2.5.1", + "type": "library", + "bom-ref": "pkg:npm/raw-body@2.5.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "unpipe", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/unpipe@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "type-is", + "version": "1.6.18", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "type": "library", + "bom-ref": "pkg:npm/type-is@1.6.18", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "media-typer", + "version": "0.3.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "type": "library", + "bom-ref": "pkg:npm/media-typer@0.3.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "content-disposition", + "version": "0.5.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "type": "library", + "bom-ref": "pkg:npm/content-disposition@0.5.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + 
"name": "safe-buffer", + "version": "5.2.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "type": "library", + "bom-ref": "pkg:npm/safe-buffer@5.2.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "cookie", + "version": "0.5.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "619dc65329ffa3c81f289967957ee0ef1ab88323ba392ba118f29a686b2c181daa803512d203e0b53be8c992d3b7d01be9d0b885f73d755e5aae4bdcfce0a6af" + } + ], + "purl": "pkg:npm/cookie@0.5.0", + "type": "library", + "bom-ref": "pkg:npm/cookie@0.5.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "cookie-signature", + "version": "1.0.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "type": "library", + "bom-ref": "pkg:npm/cookie-signature@1.0.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "encodeurl", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/encodeurl@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": 
"/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "escape-html", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/escape-html@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "etag", + "version": "1.8.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" + } + ], + "purl": "pkg:npm/etag@1.8.1", + "type": "library", + "bom-ref": "pkg:npm/etag@1.8.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "finalhandler", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/finalhandler@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "parseurl", + "version": "1.3.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "type": "library", + 
"bom-ref": "pkg:npm/parseurl@1.3.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fresh", + "version": "0.5.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "type": "library", + "bom-ref": "pkg:npm/fresh@0.5.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "merge-descriptors", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/merge-descriptors@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "methods", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" + } + ], + "purl": "pkg:npm/methods@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/methods@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "path-to-regexp", + "version": "0.1.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "type": "library", + "bom-ref": "pkg:npm/path-to-regexp@0.1.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "proxy-addr", + "version": "2.0.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "type": "library", + "bom-ref": "pkg:npm/proxy-addr@2.0.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "forwarded", + "version": "0.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "type": "library", + "bom-ref": "pkg:npm/forwarded@0.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ipaddr.js", + "version": "1.9.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "type": "library", + "bom-ref": "pkg:npm/ipaddr.js@1.9.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": 
"range-parser", + "version": "1.2.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "type": "library", + "bom-ref": "pkg:npm/range-parser@1.2.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "send", + "version": "0.18.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" + } + ], + "purl": "pkg:npm/send@0.18.0", + "type": "library", + "bom-ref": "pkg:npm/send@0.18.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": "2.1.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e85973b9b4cb646dc9d9afcd542025784863ceae68c601f268253dc985ef70bb2fa1568726afece715c8ebf5d73fab73ed1f7100eb479d23bfb57b45dd645394" + } + ], + "purl": "pkg:npm/ms@2.1.3", + "type": "library", + "bom-ref": "pkg:npm/ms@2.1.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime", + "version": "1.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" + } + ], + "purl": "pkg:npm/mime@1.6.0", + "type": "library", + "bom-ref": "pkg:npm/mime@1.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study 
Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "serve-static", + "version": "1.15.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "type": "library", + "bom-ref": "pkg:npm/serve-static@1.15.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "utils-merge", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/utils-merge@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fs", + "version": "0.0.1-security", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd763d7b5a4fd02544502763e4199f219c51053483c9c9dbaa120e19e73d418b66547d9f6cba63f3a0855a4acd3a4b7f16fb72e0a646e654e094bf63fe027cef" + } + ], + "purl": "pkg:npm/fs@0.0.1-security", + "type": "library", + "bom-ref": "pkg:npm/fs@0.0.1-security", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "fs" + } + ] + }, + { + "group": "", + "name": "multer", + "version": "1.4.5-lts.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb03d6bdc0cc787fb3f6042ae6a607082cbe7ad86c9388287a9678e462c3eb77cebb461c35e710c62eb89c3b37aa5b9907e9aeac6dff0f8749efe74672d70241" + } + ], + 
"purl": "pkg:npm/multer@1.4.5-lts.1", + "type": "library", + "bom-ref": "pkg:npm/multer@1.4.5-lts.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "append-field", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "925a6015258b5b5644b3cb2f8df6fb838a96634612e62988f3675383e41a854bc9f18a806343f5d1493cb53ca1f591ae60464431a789602179045b97e79da1b3" + } + ], + "purl": "pkg:npm/append-field@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/append-field@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "busboy", + "version": "1.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f121506e0ff4850f71cb750d4c1d18127b0d05b59f85fed1b67ce92fb4e40624c145fad0f45c5c9f3ed526c95e269ca9eab54bbd78ae391aa39478b9abe3d8b8" + } + ], + "purl": "pkg:npm/busboy@1.6.0", + "type": "library", + "bom-ref": "pkg:npm/busboy@1.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "streamsearch", + "version": "1.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "31c739c077a1a7d697cf56b1e9b654c98e5a7e0f6edabbf972a408de646b624182f2b5b684cd368d6bb08ed2fef8b4b9aa29d2ca18f641f2f236cb9cf95b04c6" + } + ], + "purl": "pkg:npm/streamsearch@1.1.0", + "type": "library", + "bom-ref": "pkg:npm/streamsearch@1.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "concat-stream", + "version": "1.6.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"dbb1c18212718e266d224dd872f9ffe246c993fd6e66e2457ee3c49ece8b684be9bc6d5fd214de6bc96296ba2eca8f6655cd8659d70467c38ba0699200396b0b" + } + ], + "purl": "pkg:npm/concat-stream@1.6.2", + "type": "library", + "bom-ref": "pkg:npm/concat-stream@1.6.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "buffer-from", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" + } + ], + "purl": "pkg:npm/buffer-from@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/buffer-from@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "readable-stream", + "version": "2.3.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" + } + ], + "purl": "pkg:npm/readable-stream@2.3.8", + "type": "library", + "bom-ref": "pkg:npm/readable-stream@2.3.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "safe-buffer", + "version": "5.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" + } + ], + "purl": "pkg:npm/safe-buffer@5.1.2", + "type": "library", + "bom-ref": "pkg:npm/safe-buffer@5.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "core-util-is", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" + } + ], + "purl": "pkg:npm/core-util-is@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/core-util-is@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "isarray", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" + } + ], + "purl": "pkg:npm/isarray@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/isarray@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "process-nextick-args", + "version": "2.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" + } + ], + "purl": "pkg:npm/process-nextick-args@2.0.1", + "type": "framework", + "bom-ref": "pkg:npm/process-nextick-args@2.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "string_decoder", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" + } + ], + "purl": "pkg:npm/string_decoder@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/string_decoder@1.1.1", + 
"properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "util-deprecate", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f0f9ab5b97c85c49a42acb9c27359c79eade039ae83641a1c008888d93692080ed5089d5424331a802cc891736c5187c3d5d68afff2d3110f318886eb1ed73" + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/util-deprecate@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "typedarray", + "version": "0.0.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fda0831066ad1af67604893e1e62dfe227c2245c2f28535bf7f25e64f32e95f805ada727f5015c01fe463bc07f9b07948d2a1b952e489f471686aa5fb3fe4f40" + } + ], + "purl": "pkg:npm/typedarray@0.0.6", + "type": "library", + "bom-ref": "pkg:npm/typedarray@0.0.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mkdirp", + "version": "0.5.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" + } + ], + "purl": "pkg:npm/mkdirp@0.5.6", + "type": "library", + "bom-ref": "pkg:npm/mkdirp@0.5.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "minimist", + "version": "1.2.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "db2c8047ca8190ddd8ba17896a7529582e54ddb6f9a2c0f2c0d07c4730d5943c031dba1c009bdeaaa8f5bbcf92543ee39164f8cafb070a95aaa96a80c5bd3308" + } + ], + 
"purl": "pkg:npm/minimist@1.2.8", + "type": "library", + "bom-ref": "pkg:npm/minimist@1.2.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "xtend", + "version": "4.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "2ca614d620172575200179fd5118e2bbe3168725171ecbdfa7b99cb989bd75250a2b4fc28edad4c050310fcdbf98259bb4bb068c521a774c08b28778ceb4c011" + } + ], + "purl": "pkg:npm/xtend@4.0.2", + "type": "library", + "bom-ref": "pkg:npm/xtend@4.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mysql", + "version": "2.18.1", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "05c6be824d985a6aa9d947fa93934512eaf063fd2d77472979b02e705a58ff78e1af0ad51aec54dae4050878d4d7d4897e37b4c90be2fab55676aefc851e658a" + } + ], + "purl": "pkg:npm/mysql@2.18.1", + "type": "library", + "bom-ref": "pkg:npm/mysql@2.18.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "mysql" + } + ] + }, + { + "group": "", + "name": "readable-stream", + "version": "2.3.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "11b868f0ae2321b1c0c67bb18bba38d8ead9805fd94cd72c663ea744ac949a484b16af021c8b69fdfcba85066e6663ff9f7c99f550546e9e33cff997f219983f" + } + ], + "purl": "pkg:npm/readable-stream@2.3.7", + "type": "library", + "bom-ref": "pkg:npm/readable-stream@2.3.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "bignumber.js", + "version": "9.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + 
"content": "b7f398861276483f9818141c8d8f06cf30c7124f5fde77abc63b5f6bab653177deedfaecfd6a3386f08da06be93343f76cd7f71aae5944c946af97f7af8fcdf0" + } + ], + "purl": "pkg:npm/bignumber.js@9.0.0", + "type": "library", + "bom-ref": "pkg:npm/bignumber.js@9.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "sqlstring", + "version": "2.3.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2803387feddc481b9fae0e2935cff45dd6f962d3edfc8b36611b349adf817047b21b7a53d608229234897c8e52ff17b111bf2f020768cd78cd44f62f665cc01" + } + ], + "purl": "pkg:npm/sqlstring@2.3.1", + "type": "library", + "bom-ref": "pkg:npm/sqlstring@2.3.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "nodemon", + "version": "3.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f6a20dd8b353ac4ce938f05a5874e6e00b32d4bc572d289c9194ad010e0865eef3b282290ff03b2d6c61655dede19bb7e76b8172a56746c0d748c47649cde54c" + } + ], + "purl": "pkg:npm/nodemon@3.0.2", + "type": "library", + "bom-ref": "pkg:npm/nodemon@3.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "debug", + "version": "4.3.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" + } + ], + "purl": "pkg:npm/debug@4.3.4", + "type": "library", + "bom-ref": "pkg:npm/debug@4.3.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": 
"2.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "purl": "pkg:npm/ms@2.1.2", + "type": "library", + "bom-ref": "pkg:npm/ms@2.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "chokidar", + "version": "3.5.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ebdec7ca44fea84dc8dfd8999498525f79532f5c175e83107489543979bd95d74b852540804bc381c9975503255bf315cdcf71a38d3823f642d6b194ea13a93" + } + ], + "purl": "pkg:npm/chokidar@3.5.3", + "type": "library", + "bom-ref": "pkg:npm/chokidar@3.5.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "anymatch", + "version": "3.1.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" + } + ], + "purl": "pkg:npm/anymatch@3.1.3", + "type": "library", + "bom-ref": "pkg:npm/anymatch@3.1.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "normalize-path", + "version": "3.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9e66ce4bb375ad0a2b075a9f52d86532f1daa4a468b80554b3dc66aa884e9ecee6f4e75d844b3b57530501e82e8829b4246363e76ff983e166288c24707302c" + } + ], + "purl": "pkg:npm/normalize-path@3.0.0", + "type": "library", + "bom-ref": "pkg:npm/normalize-path@3.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study 
Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "picomatch", + "version": "2.3.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "254ded7874cd8e6136542185cee63c117cc20d5c04a81d9af1fb08bf0692b4784058911e55dd68d500fcd0253af997445d748b6d2b2e2f0263902056a9141454" + } + ], + "purl": "pkg:npm/picomatch@2.3.1", + "type": "library", + "bom-ref": "pkg:npm/picomatch@2.3.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "braces", + "version": "3.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fcba6f8bd51cccdd60d2cef866ea0233d727d36c1b7a61395c10a02fb26a82659170e3acfadba9558fd8f5c843d6df71f91fe94142964c3f593c97eefc1dad0" + } + ], + "purl": "pkg:npm/braces@3.0.2", + "type": "library", + "bom-ref": "pkg:npm/braces@3.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fill-range", + "version": "7.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" + } + ], + "purl": "pkg:npm/fill-range@7.0.1", + "type": "library", + "bom-ref": "pkg:npm/fill-range@7.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "to-regex-range", + "version": "5.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" + } + ], + "purl": "pkg:npm/to-regex-range@5.0.1", + "type": "library", + "bom-ref": 
"pkg:npm/to-regex-range@5.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-number", + "version": "7.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" + } + ], + "purl": "pkg:npm/is-number@7.0.0", + "type": "library", + "bom-ref": "pkg:npm/is-number@7.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "glob-parent", + "version": "5.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "type": "library", + "bom-ref": "pkg:npm/glob-parent@5.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-glob", + "version": "4.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e9526b21c7dfa66013b6568658bba56df884d6cd97c3a3bf92959a4243e2105d0f7b61f137e4f6f61ab0b33e99758e6611648197f184b4a7af046be1e9524a" + } + ], + "purl": "pkg:npm/is-glob@4.0.3", + "type": "library", + "bom-ref": "pkg:npm/is-glob@4.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-extglob", + "version": "2.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" + } + ], + "purl": "pkg:npm/is-extglob@2.1.1", + "type": "library", + "bom-ref": "pkg:npm/is-extglob@2.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-binary-path", + "version": "2.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" + } + ], + "purl": "pkg:npm/is-binary-path@2.1.0", + "type": "library", + "bom-ref": "pkg:npm/is-binary-path@2.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "binary-extensions", + "version": "2.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "8c372d27f21541b6682729287876e15e93a5341a8635cc1724a268838d84e470cf53041349d8c21dd8a18e3d0396785e43b6e56d3e9d1ce69f340892f28a1028" + } + ], + "purl": "pkg:npm/binary-extensions@2.2.0", + "type": "library", + "bom-ref": "pkg:npm/binary-extensions@2.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "readdirp", + "version": "3.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" + } + ], + "purl": "pkg:npm/readdirp@3.6.0", + "type": "library", + "bom-ref": "pkg:npm/readdirp@3.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "fsevents", + "version": "2.3.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" + } + ], + "purl": "pkg:npm/fsevents@2.3.3", + "type": "library", + "bom-ref": "pkg:npm/fsevents@2.3.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ignore-by-default", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "22eb36558706364ed3f740a9a49a9c2244b9a281d46722102be0a565f31f30d14417d55213bdc5abef74eaefc25aef76c7883364c58ec1f1587243ce6f37446c" + } + ], + "purl": "pkg:npm/ignore-by-default@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/ignore-by-default@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "minimatch", + "version": "3.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "type": "library", + "bom-ref": "pkg:npm/minimatch@3.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "brace-expansion", + "version": "1.1.11", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "type": "library", + "bom-ref": "pkg:npm/brace-expansion@1.1.11", + "properties": [ + { 
+ "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "balanced-match", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" + } + ], + "purl": "pkg:npm/balanced-match@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/balanced-match@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "concat-map", + "version": "0.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" + } + ], + "purl": "pkg:npm/concat-map@0.0.1", + "type": "library", + "bom-ref": "pkg:npm/concat-map@0.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "pstree.remy", + "version": "1.1.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "efb0d9c31426c4a9eedda479e3653e5fc172a4dcdb7c9f82e57403937b968d6c67eb5e75688306b615984574ea4f5139a09be0fa58da6b63898be55fbc2390f3" + } + ], + "purl": "pkg:npm/pstree.remy@1.1.8", + "type": "library", + "bom-ref": "pkg:npm/pstree.remy@1.1.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "semver", + "version": "7.5.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5b09211257a3effa2db51efa71a770f1fa9483f2520fb7cb958d1af1014b7f9dbb3061cfad2ba6366ed8942e3778f9f9ead793d7fa7a900c2ece7eded693070" + } + ], + "purl": 
"pkg:npm/semver@7.5.4", + "type": "library", + "bom-ref": "pkg:npm/semver@7.5.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "lru-cache", + "version": "6.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "268e9d274e029928eece7c09492de951e5a677f1f47df4e59175e0c198be7aad540a6a90c0287e78bb183980b063df758b615a878875044302c78a938466ec88" + } + ], + "purl": "pkg:npm/lru-cache@6.0.0", + "type": "library", + "bom-ref": "pkg:npm/lru-cache@6.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "yallist", + "version": "4.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "df074689d672ab93c1d3ce172c44b94e9392440df08d7025216321ba6da445cbffe354a7d9e990d1dc9c416e2e6572de8f02af83a12cbdb76554bf8560472dec" + } + ], + "purl": "pkg:npm/yallist@4.0.0", + "type": "library", + "bom-ref": "pkg:npm/yallist@4.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "simple-update-notifier", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b607d6342a535797dbbfbec5bab1322ef6f184a5f2aedb0455ea5d47dd711ab3fd20508cc6cc1a0ffc8a2e4dc5106e6f495992c7dc23b1ca7d374d89456b1eb" + } + ], + "purl": "pkg:npm/simple-update-notifier@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/simple-update-notifier@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "supports-color", + "version": "5.5.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "type": "library", + "bom-ref": "pkg:npm/supports-color@5.5.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-flag", + "version": "3.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "type": "library", + "bom-ref": "pkg:npm/has-flag@3.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "touch", + "version": "3.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "581c7c532e532ed39246d22af8cd37fec283ad708b1f1c0372ab923f6738dcb7b4dfff6c7ab8d0048ced8d1cfa16425ecfd0ff8657b20174c118bc30654c3d94" + } + ], + "purl": "pkg:npm/touch@3.1.0", + "type": "library", + "bom-ref": "pkg:npm/touch@3.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "nopt", + "version": "1.0.10", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3569a9bcb4aa52b82b002f470aec44bdbf8f4a5a07a6a56ef85a9c3b879e176879a9846103b7afe8abde9724002ad7a051b0ba472a499e510e85df2f96834a62" + } + ], + "purl": "pkg:npm/nopt@1.0.10", + "type": "library", + "bom-ref": "pkg:npm/nopt@1.0.10", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "abbrev", + "version": "1.1.1", + 
"scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e77bdfc8890fe1cc8858ea97439db06dcfb0e33d32ab634d0fff3bcf4a6e69385925eb1b86ac69d79ff56d4cd35f36d01f67dff546d7a192ccd4f6a7138a2d1" + } + ], + "purl": "pkg:npm/abbrev@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/abbrev@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "undefsafe", + "version": "2.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5b138d0abb2c04cf1348f46a379126b2356bb2fe00f17d7627802b06289acafdc3cb21b7665220eb2cacbae498759b15cf74ca7138367ddfff52377808757588" + } + ], + "purl": "pkg:npm/undefsafe@2.0.5", + "type": "library", + "bom-ref": "pkg:npm/undefsafe@2.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + } + ], + "services": [], + "dependencies": [ + { + "ref": "pkg:npm/object-assign@4.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/vary@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/cors@2.8.5", + "dependsOn": [ + "pkg:npm/object-assign@4.1.1", + "pkg:npm/vary@1.1.2" + ] + }, + { + "ref": "pkg:npm/mime-db@1.52.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mime-types@2.1.35", + "dependsOn": [ + "pkg:npm/mime-db@1.52.0" + ] + }, + { + "ref": "pkg:npm/negotiator@0.6.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/accepts@1.3.8", + "dependsOn": [ + "pkg:npm/mime-types@2.1.35", + "pkg:npm/negotiator@0.6.3" + ] + }, + { + "ref": "pkg:npm/array-flatten@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/bytes@3.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/content-type@1.0.5", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/debug@2.6.9", + "dependsOn": [ + "pkg:npm/ms@2.0.0" + ] + }, + { + "ref": "pkg:npm/depd@2.0.0", + "dependsOn": [] + }, + { + 
"ref": "pkg:npm/destroy@1.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/inherits@2.0.4", + "dependsOn": [] + }, + { + "ref": "pkg:npm/setprototypeof@1.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/statuses@2.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/toidentifier@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/http-errors@2.0.0", + "dependsOn": [ + "pkg:npm/depd@2.0.0", + "pkg:npm/inherits@2.0.4", + "pkg:npm/setprototypeof@1.2.0", + "pkg:npm/statuses@2.0.1", + "pkg:npm/toidentifier@1.0.1" + ] + }, + { + "ref": "pkg:npm/safer-buffer@2.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/iconv-lite@0.4.24", + "dependsOn": [ + "pkg:npm/safer-buffer@2.1.2" + ] + }, + { + "ref": "pkg:npm/ee-first@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/on-finished@2.4.1", + "dependsOn": [ + "pkg:npm/ee-first@1.1.1" + ] + }, + { + "ref": "pkg:npm/function-bind@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/has-proto@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/has-symbols@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/hasown@2.0.0", + "dependsOn": [ + "pkg:npm/function-bind@1.1.2" + ] + }, + { + "ref": "pkg:npm/get-intrinsic@1.2.2", + "dependsOn": [ + "pkg:npm/function-bind@1.1.2", + "pkg:npm/has-proto@1.0.1", + "pkg:npm/has-symbols@1.0.3", + "pkg:npm/hasown@2.0.0" + ] + }, + { + "ref": "pkg:npm/gopd@1.0.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2" + ] + }, + { + "ref": "pkg:npm/has-property-descriptors@1.0.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2" + ] + }, + { + "ref": "pkg:npm/define-data-property@1.1.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/gopd@1.0.1", + "pkg:npm/has-property-descriptors@1.0.1" + ] + }, + { + "ref": "pkg:npm/set-function-length@1.1.1", + "dependsOn": [ + "pkg:npm/define-data-property@1.1.1", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/gopd@1.0.1", + "pkg:npm/has-property-descriptors@1.0.1" + ] + }, + { + "ref": "pkg:npm/call-bind@1.0.5", + "dependsOn": [ + 
"pkg:npm/function-bind@1.1.2", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/set-function-length@1.1.1" + ] + }, + { + "ref": "pkg:npm/object-inspect@1.13.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/side-channel@1.0.4", + "dependsOn": [ + "pkg:npm/call-bind@1.0.5", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/object-inspect@1.13.1" + ] + }, + { + "ref": "pkg:npm/qs@6.11.0", + "dependsOn": [ + "pkg:npm/side-channel@1.0.4" + ] + }, + { + "ref": "pkg:npm/unpipe@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/raw-body@2.5.1", + "dependsOn": [ + "pkg:npm/bytes@3.1.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/iconv-lite@0.4.24", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/media-typer@0.3.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/type-is@1.6.18", + "dependsOn": [ + "pkg:npm/media-typer@0.3.0", + "pkg:npm/mime-types@2.1.35" + ] + }, + { + "ref": "pkg:npm/body-parser@1.20.1", + "dependsOn": [ + "pkg:npm/bytes@3.1.2", + "pkg:npm/content-type@1.0.5", + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/destroy@1.2.0", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/iconv-lite@0.4.24", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/qs@6.11.0", + "pkg:npm/raw-body@2.5.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/safe-buffer@5.2.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/content-disposition@0.5.4", + "dependsOn": [ + "pkg:npm/safe-buffer@5.2.1" + ] + }, + { + "ref": "pkg:npm/cookie@0.5.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/cookie-signature@1.0.6", + "dependsOn": [] + }, + { + "ref": "pkg:npm/encodeurl@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/escape-html@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/etag@1.8.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/parseurl@1.3.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/finalhandler@1.2.0", + "dependsOn": [ + "pkg:npm/debug@2.6.9", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/on-finished@2.4.1", + 
"pkg:npm/parseurl@1.3.3", + "pkg:npm/statuses@2.0.1", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/fresh@0.5.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/merge-descriptors@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/methods@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/path-to-regexp@0.1.7", + "dependsOn": [] + }, + { + "ref": "pkg:npm/forwarded@0.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ipaddr.js@1.9.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/proxy-addr@2.0.7", + "dependsOn": [ + "pkg:npm/forwarded@0.2.0", + "pkg:npm/ipaddr.js@1.9.1" + ] + }, + { + "ref": "pkg:npm/range-parser@1.2.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.1.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mime@1.6.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/send@0.18.0", + "dependsOn": [ + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/destroy@1.2.0", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/etag@1.8.1", + "pkg:npm/fresh@0.5.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/mime@1.6.0", + "pkg:npm/ms@2.1.3", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/range-parser@1.2.1", + "pkg:npm/statuses@2.0.1" + ] + }, + { + "ref": "pkg:npm/serve-static@1.15.0", + "dependsOn": [ + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/parseurl@1.3.3", + "pkg:npm/send@0.18.0" + ] + }, + { + "ref": "pkg:npm/utils-merge@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/express@4.18.2", + "dependsOn": [ + "pkg:npm/accepts@1.3.8", + "pkg:npm/array-flatten@1.1.1", + "pkg:npm/body-parser@1.20.1", + "pkg:npm/content-disposition@0.5.4", + "pkg:npm/content-type@1.0.5", + "pkg:npm/cookie-signature@1.0.6", + "pkg:npm/cookie@0.5.0", + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/etag@1.8.1", + "pkg:npm/finalhandler@1.2.0", + "pkg:npm/fresh@0.5.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/merge-descriptors@1.0.1", + 
"pkg:npm/methods@1.1.2", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/parseurl@1.3.3", + "pkg:npm/path-to-regexp@0.1.7", + "pkg:npm/proxy-addr@2.0.7", + "pkg:npm/qs@6.11.0", + "pkg:npm/range-parser@1.2.1", + "pkg:npm/safe-buffer@5.2.1", + "pkg:npm/send@0.18.0", + "pkg:npm/serve-static@1.15.0", + "pkg:npm/setprototypeof@1.2.0", + "pkg:npm/statuses@2.0.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/utils-merge@1.0.1", + "pkg:npm/vary@1.1.2" + ] + }, + { + "ref": "pkg:npm/fs@0.0.1-security", + "dependsOn": [] + }, + { + "ref": "pkg:npm/append-field@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/streamsearch@1.1.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/busboy@1.6.0", + "dependsOn": [ + "pkg:npm/streamsearch@1.1.0" + ] + }, + { + "ref": "pkg:npm/buffer-from@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/safe-buffer@5.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/core-util-is@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/isarray@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/process-nextick-args@2.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/string_decoder@1.1.1", + "dependsOn": [ + "pkg:npm/safe-buffer@5.1.2" + ] + }, + { + "ref": "pkg:npm/util-deprecate@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/readable-stream@2.3.8", + "dependsOn": [ + "pkg:npm/core-util-is@1.0.3", + "pkg:npm/inherits@2.0.4", + "pkg:npm/isarray@1.0.0", + "pkg:npm/process-nextick-args@2.0.1", + "pkg:npm/safe-buffer@5.1.2", + "pkg:npm/string_decoder@1.1.1", + "pkg:npm/util-deprecate@1.0.2" + ] + }, + { + "ref": "pkg:npm/typedarray@0.0.6", + "dependsOn": [] + }, + { + "ref": "pkg:npm/concat-stream@1.6.2", + "dependsOn": [ + "pkg:npm/buffer-from@1.1.2", + "pkg:npm/inherits@2.0.4", + "pkg:npm/readable-stream@2.3.8", + "pkg:npm/typedarray@0.0.6" + ] + }, + { + "ref": "pkg:npm/minimist@1.2.8", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mkdirp@0.5.6", + "dependsOn": [ + "pkg:npm/minimist@1.2.8" + ] + }, + { + "ref": "pkg:npm/xtend@4.0.2", + "dependsOn": [] + 
}, + { + "ref": "pkg:npm/multer@1.4.5-lts.1", + "dependsOn": [ + "pkg:npm/append-field@1.0.0", + "pkg:npm/busboy@1.6.0", + "pkg:npm/concat-stream@1.6.2", + "pkg:npm/mkdirp@0.5.6", + "pkg:npm/object-assign@4.1.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/xtend@4.0.2" + ] + }, + { + "ref": "pkg:npm/readable-stream@2.3.7", + "dependsOn": [ + "pkg:npm/core-util-is@1.0.3", + "pkg:npm/inherits@2.0.4", + "pkg:npm/isarray@1.0.0", + "pkg:npm/process-nextick-args@2.0.1", + "pkg:npm/string_decoder@1.1.1", + "pkg:npm/util-deprecate@1.0.2" + ] + }, + { + "ref": "pkg:npm/bignumber.js@9.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/sqlstring@2.3.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mysql@2.18.1", + "dependsOn": [ + "pkg:npm/bignumber.js@9.0.0", + "pkg:npm/readable-stream@2.3.7", + "pkg:npm/safe-buffer@5.1.2", + "pkg:npm/sqlstring@2.3.1" + ] + }, + { + "ref": "pkg:npm/debug@4.3.4", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/normalize-path@3.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/picomatch@2.3.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/anymatch@3.1.3", + "dependsOn": [ + "pkg:npm/normalize-path@3.0.0", + "pkg:npm/picomatch@2.3.1" + ] + }, + { + "ref": "pkg:npm/is-number@7.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/to-regex-range@5.0.1", + "dependsOn": [ + "pkg:npm/is-number@7.0.0" + ] + }, + { + "ref": "pkg:npm/fill-range@7.0.1", + "dependsOn": [ + "pkg:npm/to-regex-range@5.0.1" + ] + }, + { + "ref": "pkg:npm/braces@3.0.2", + "dependsOn": [ + "pkg:npm/fill-range@7.0.1" + ] + }, + { + "ref": "pkg:npm/is-extglob@2.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/is-glob@4.0.3", + "dependsOn": [ + "pkg:npm/is-extglob@2.1.1" + ] + }, + { + "ref": "pkg:npm/glob-parent@5.1.2", + "dependsOn": [ + "pkg:npm/is-glob@4.0.3" + ] + }, + { + "ref": "pkg:npm/binary-extensions@2.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/is-binary-path@2.1.0", + "dependsOn": [ + 
"pkg:npm/binary-extensions@2.2.0" + ] + }, + { + "ref": "pkg:npm/readdirp@3.6.0", + "dependsOn": [ + "pkg:npm/picomatch@2.3.1" + ] + }, + { + "ref": "pkg:npm/fsevents@2.3.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/chokidar@3.5.3", + "dependsOn": [ + "pkg:npm/anymatch@3.1.3", + "pkg:npm/braces@3.0.2", + "pkg:npm/fsevents@2.3.3", + "pkg:npm/glob-parent@5.1.2", + "pkg:npm/is-binary-path@2.1.0", + "pkg:npm/is-glob@4.0.3", + "pkg:npm/normalize-path@3.0.0", + "pkg:npm/readdirp@3.6.0" + ] + }, + { + "ref": "pkg:npm/ignore-by-default@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/balanced-match@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/concat-map@0.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/brace-expansion@1.1.11", + "dependsOn": [ + "pkg:npm/balanced-match@1.0.2", + "pkg:npm/concat-map@0.0.1" + ] + }, + { + "ref": "pkg:npm/minimatch@3.1.2", + "dependsOn": [ + "pkg:npm/brace-expansion@1.1.11" + ] + }, + { + "ref": "pkg:npm/pstree.remy@1.1.8", + "dependsOn": [] + }, + { + "ref": "pkg:npm/yallist@4.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/lru-cache@6.0.0", + "dependsOn": [ + "pkg:npm/yallist@4.0.0" + ] + }, + { + "ref": "pkg:npm/semver@7.5.4", + "dependsOn": [ + "pkg:npm/lru-cache@6.0.0" + ] + }, + { + "ref": "pkg:npm/simple-update-notifier@2.0.0", + "dependsOn": [ + "pkg:npm/semver@7.5.4" + ] + }, + { + "ref": "pkg:npm/has-flag@3.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/supports-color@5.5.0", + "dependsOn": [ + "pkg:npm/has-flag@3.0.0" + ] + }, + { + "ref": "pkg:npm/abbrev@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/nopt@1.0.10", + "dependsOn": [ + "pkg:npm/abbrev@1.1.1" + ] + }, + { + "ref": "pkg:npm/touch@3.1.0", + "dependsOn": [ + "pkg:npm/nopt@1.0.10" + ] + }, + { + "ref": "pkg:npm/undefsafe@2.0.5", + "dependsOn": [] + }, + { + "ref": "pkg:npm/nodemon@3.0.2", + "dependsOn": [ + "pkg:npm/chokidar@3.5.3", + "pkg:npm/debug@4.3.4", + "pkg:npm/ignore-by-default@1.0.1", + "pkg:npm/minimatch@3.1.2", + 
"pkg:npm/ms@2.1.2", + "pkg:npm/pstree.remy@1.1.8", + "pkg:npm/semver@7.5.4", + "pkg:npm/simple-update-notifier@2.0.0", + "pkg:npm/supports-color@5.5.0", + "pkg:npm/touch@3.1.0", + "pkg:npm/undefsafe@2.0.5" + ] + }, + { + "ref": "pkg:npm/server@1.0.0", + "dependsOn": [ + "pkg:npm/cors@2.8.5", + "pkg:npm/express@4.18.2", + "pkg:npm/fs@0.0.1-security", + "pkg:npm/multer@1.4.5-lts.1", + "pkg:npm/mysql@2.18.1", + "pkg:npm/nodemon@3.0.2" + ] + } + ], + "vulnerabilities": [ + { + "bom-ref": "CVE-2015-0409/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0409", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0409" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2438/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2438", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2438" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.", + 
"recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6564/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6564", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6564" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4287/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4287", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4287" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote 
authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6500/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6500", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6500" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0402/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0402", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0402" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2021-35065/pkg:npm/glob-parent@5.1.2", + "id": "CVE-2021-35065", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The glob-parent package before 6.0.1 for Node.js allows ReDoS regular ...\nNOTE: https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339 (v6.0.1)\nNOTE: https://github.com/gulpjs/glob-parent/pull/49", + "recommendation": "Update to 6.0.2+~5.1.1-1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/chokidar@3.5.3\", \"pkg:npm/glob-parent@5.1.2\"]" + }, + "affects": [ + { + "ref": "pkg:npm/glob-parent@5.1.2", + "versions": [ + { + "version": "5.1.2", + "status": "affected" + }, + { + "version": "6.0.2+~5.1.1-1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Indirect dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2015-4895/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4895", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4895" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4904/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4904", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4904" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4905/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4905", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4905" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0432/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0432", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0432" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0608/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0608", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0608" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0609/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0609", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0609" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", 
\"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3615/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3615", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3615" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5440/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5440" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 
allows remote administrators to affect availability via vectors related to Server: RBR.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-6662/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-6662", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6662" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. 
Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5483/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5483", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5483" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "** REJECT **\tDO NOT USE THIS CANDIDATE NUMBER.\tConsultIDs: CVE-2017-3600.\tReason: This candidate is a reservation duplicate of CVE-2017-3600.\tNotes: All CVE users should reference CVE-2017-3600 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3302/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3302", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3302" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0647/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0647", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0647" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0648/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0648" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0649/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2016-0649", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0649" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0501/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0501", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0501" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + 
"value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4757/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4757", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4757" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4761/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4761", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4761" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + 
"status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4767/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4767", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4767" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0640/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0640", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0640" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0641/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0641" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2023-21977/pkg:npm/mysql@2.18.1", + "id": "CVE-2023-21977", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21977" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://www.oracle.com/security-alerts/cpuapr2023.html" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0508/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0508", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0508" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + 
"name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3802/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3802", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3802" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3804/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3804", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3804" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", 
+ "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5891/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5891", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5891" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4000/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4000", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4000" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" 
issue.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0431/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0431", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0431" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0433/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0433", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0433" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server 
component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3794/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3794", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3794" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6496/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6496", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6496" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5881/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5881", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5881" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5882/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2013-5882", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5882" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6469/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6469", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6469" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3453/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3453", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3453" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3456/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3456", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3456" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). 
Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3461/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3461", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3461" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2434/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2434", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2434" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3291/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3291", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3291" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL 
(subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3312/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3312", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3312" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. 
CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4769/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4769", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4769" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4771/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4771", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4771" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + 
"cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4772/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4772", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4772" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4879/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4879", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4879" + }, + "ratings": [ + { + "score": 5.0, + 
"severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4890/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4890", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4890" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6494/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6494", + "source": { + "name": 
"NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6494" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6495/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6495", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6495" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": 
"false" + } + ] + }, + { + "bom-ref": "CVE-2014-6568/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6568", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6568" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-8275/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-8275", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8275" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + 
"ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0382/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0382", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0382" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2450/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2450", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2450" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": 
"in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6489/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6489", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6489" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10379/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10379", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10379" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10384/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10384", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10384" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0401/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0401", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0401" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2617/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2617", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2617" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2620/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2620", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2620" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0498/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0498", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-0498" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6505/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6505" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2014-6507/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6507", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6507" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0433/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0433", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0433" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + 
"value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4862/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4862", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4862" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4864/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4864", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4864" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": 
"unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0596/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0596", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0596" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0597/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0597", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0597" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency 
Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0598/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0598", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0598" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2011-2262/pkg:npm/mysql@2.18.1", + "id": "CVE-2011-2262", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2262" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Package updates are available for Amazon Linux that fix the following vulnerabilities:\nCVE-2012-0492:\n\tUnspecified vulnerability in the MySQL Server component in Oracle 
MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783817: \nCVE-2012-0492 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0490:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783815: \nCVE-2012-0490 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0485:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783809: \nCVE-2012-0485 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0484:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783808: \nCVE-2012-0484 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality\n\nCVE-2012-0120:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783807: \nCVE-2012-0120 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0119:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783806: \nCVE-2012-0119 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0118:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783805: \nCVE-2012-0118 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability\n\nCVE-2012-0116:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783803: \nCVE-2012-0116 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and integrity\n\nCVE-2012-0115:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783802: \nCVE-2012-0115 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0114:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783801: \nCVE-2012-0114 mysql: Unspecified vulnerability allows local users to affect confidentiality and integrity\n\nCVE-2012-0113:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783800: \nCVE-2012-0113 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability\n\nCVE-2012-0112:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783799: \nCVE-2012-0112 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0101:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783797: \nCVE-2012-0101 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0087:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783795: \nCVE-2012-0087 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0075:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n\nCVE-2011-2262:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.", + "recommendation": "Update to 5.1.61 or later", + "advisories": [ + { + "title": "vendor", + "url": "https://rhn.redhat.com/errata/RHSA-2012:0105.html" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.1.61", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4274/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4274", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4274" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2573/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2573", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-2573" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0616/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0616", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0616" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + 
] + }, + { + "bom-ref": "CVE-2013-3811/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3811", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3811" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3812/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3812", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3812" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": 
"unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0503/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0503", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0503" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2648/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2648" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + 
"status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2661/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2661", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2661" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2440/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2440" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + 
{ + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2451/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2451", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2451" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4207/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4207", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4207" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3071/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3071", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3071" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3725-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0224/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0224", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0224" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2015-0505/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0505" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0506/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0506", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0506" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct 
dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3570/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3570", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3570" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5584/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5584", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5584" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", 
\"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3801/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3801", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3801" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0286/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0286", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0286" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of 
service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0288/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0288", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0288" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3309/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3309", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2017-3309" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3329/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3329", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3329" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. 
Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0205/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0205", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0205" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": 
"affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0206/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0206", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0206" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0374/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0374", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0374" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + 
"analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2567/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2567", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2567" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4800/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4800", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4800" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", 
+ "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4802/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4802", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4802" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3313/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3313", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3313" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server 
component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3317/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3317", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3317" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 4.0 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3653/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3653", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3653" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0405/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0405", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0405" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5908/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5908", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5908" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in 
Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0001/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0001", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0001" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6520/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6520", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6520" + }, + "ratings": [ + { + 
"score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0642/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0642", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0642" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0643/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0643", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2016-0643" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2484/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2484", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2484" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + 
"name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2494/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2494", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2494" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2582/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2582", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2582" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + 
"name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2611/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2611", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2611" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5860/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5860", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5860" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": 
"unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3809/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3809", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3809" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0507/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0507", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0507" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + 
{ + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4258/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4258", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4258" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4260/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4260", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4260" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": 
"in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5611/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5611", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5611" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5612/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5612", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5612" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Heap-based buffer 
overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5613/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5613", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5613" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. 
NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4866/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4866", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4866" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4870/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4870", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4870" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3806/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3806", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3806" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3477/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3477", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2016-3477" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3521/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3521", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3521" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + 
} + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3462/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3462", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3462" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3463/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3463", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3463" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6463/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6463", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6463" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6464/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6464", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6464" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5615/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5615", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5615" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3635/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3635", + 
"source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3635" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html,\thttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and\thttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3636/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3636", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3636" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3795/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3795", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3795" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3796/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3796", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3796" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified 
vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-3152/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-3152", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3152" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a \"BACKRONYM\" attack.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4737/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4737", + "source": { + "name": "NVD", 
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4737" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6491/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6491", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6491" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + 
}, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-9843/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-9843", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9843" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", + "recommendation": "Update to 5.5.62-0.39.18.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.62-0.39.18.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3133/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3133", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3133" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.62-0.39.18.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.62-0.39.18.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2442/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2442", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2442" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2444/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2444", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2444" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 
and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3318/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3318", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3318" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. 
CVSS v3.0 Base Score 4.0 (Confidentiality impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3305/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3305", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3305" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. 
Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, \"The Riddle\".", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3308/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3308", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3308" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0511/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0511", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0511" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2305/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2305", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2305" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Integer overflow in the regcomp implementation in the 
Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4730/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4730", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4730" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4766/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4766", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-4766" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4792/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4792", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4792" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": 
"false" + } + ] + }, + { + "bom-ref": "CVE-2014-4214/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4214", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4214" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-0735/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-0735", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735" + }, + "ratings": [ + { + "score": 5.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [ + 327 + ], + "description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", + "recommendation": "", + "advisories": [ + { + "title": "Mailing List", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" + }, + { + "title": "vendor", + "url": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "title": "Debian Security", + "url": "https://www.debian.org/security/2018/dsa-4348" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3840-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3641/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3641" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3648/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3648" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0427/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0427", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0427" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0386/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0386", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0386" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server 
component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0393/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0393", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0393" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3793/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3793", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3793" 
+ }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2639/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2639", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2639" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2015-2641/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2641" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2643/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2643", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2643" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": 
"Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3651/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3651", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3651" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3652/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3652", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3652" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). 
Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3798/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3798", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3798" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": 
"5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-7744/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-7744", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7744" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0502/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0502", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0502" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": 
"in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5894/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5894", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5894" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6474/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6474", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6474" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.", + "recommendation": "Update to 
5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3061/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3061", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3061" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3725-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6551/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6551", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6551" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6555/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6555", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6555" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": 
"CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0437/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0437", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0437" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3805/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3805", + 
"source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3805" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2419/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2419", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2419" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0430/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0430", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0430" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0412/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0412", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0412" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + 
"status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0420/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0420", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0420" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3569/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3569", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3569" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.\tNOTE: this issue became relevant after the CVE-2014-3568 
fix.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4858/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4858", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4858" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4861/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4861", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4861" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 
5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0381/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0381", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0381" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2021-2478/pkg:npm/mysql@2.18.1", + "id": "CVE-2021-2478", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-2478" + }, + "ratings": [ + { + 
"score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.30).\n\nSecurity Fix(es):\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607, CVE-2022-21301, CVE-2022-21413)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2021-2481, CVE-2021-35575, CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21253, CVE-2022-21254, CVE-2022-21264, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342, CVE-2022-21351, CVE-2022-21370, CVE-2022-21378, CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479, CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21569, CVE-2022-21265)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2021-35546, CVE-2022-21344, CVE-2022-21415)\n\n* mysql: Server: Error Handling unspecified vulnerability (CVE-2021-35596)\n\n* mysql: C API unspecified vulnerability (CVE-2021-35597)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2021-35602, CVE-2021-35630, CVE-2022-21515)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2021-35604, CVE-2022-21302, CVE-2022-21348, CVE-2022-21352, CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21517, CVE-2022-21537, 
CVE-2022-21539, CVE-2022-21423)\n\n* mysql: Server: Group Replication Plugin multiple unspecified vulnerabilities (CVE-2021-35608, CVE-2022-21256, CVE-2022-21379, CVE-2022-21454)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2021-35622, CVE-2022-21358, CVE-2022-21372, CVE-2022-21538)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2021-35624, CVE-2022-21245, CVE-2021-35625)\n\n* mysql: Server: GIS unspecified vulnerability (CVE-2021-35631)\n\n* mysql: Server: Data Dictionary unspecified vulnerability (CVE-2021-35632)\n\n* mysql: Server: PS unspecified vulnerability (CVE-2021-35637)\n\n* mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CVE-2021-35639, CVE-2022-21303, CVE-2022-21522, CVE-2022-21534)\n\n* mysql: Server: FTS multiple unspecified vulnerabilities (CVE-2021-35648, CVE-2022-21427)\n\n* mysql: Server: Federated multiple unspecified vulnerabilities (CVE-2022-21270, CVE-2022-21547)\n\n* mysql: Server: Parser unspecified vulnerability (CVE-2022-21304)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2022-21362, CVE-2022-21374)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2022-21367)\n\n* mysql: Server: Components Services unspecified vulnerability (CVE-2022-21368)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2022-21425, CVE-2022-21444, CVE-2021-35640, CVE-2022-21249)\n\n* mysql: Server: PAM Auth Plugin unspecified vulnerability (CVE-2022-21457)\n\n* mysql: Server: Logging multiple unspecified vulnerabilities (CVE-2022-21460, CVE-2021-35633)\n\n* mysql: Server: Security: Roles unspecified vulnerability (CVE-2021-35623)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Rebuild mecab due to change in the suffix (from .el8 to .el8.0.0) [Rocky 
Linux-8] (BZ#2110940)", + "recommendation": "Update to 8.0.30 or later", + "advisories": [ + { + "title": "vendor", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122604" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "8.0.30", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6478/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6478", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6478" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6484/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6484", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6484" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + 
"description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3464/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3464", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3464" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3600/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3600", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3600" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6530/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6530", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6530" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0384/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0384", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0384" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3807/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3807", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3807" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3808/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3808", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3808" + }, + 
"ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10268/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10268", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10268" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10378/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10378", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10378" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4243/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4243", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4243" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-18589/pkg:npm/cookie@0.5.0", + "id": "CVE-2017-18589", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18589" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [ + 20 + ], + "description": "# 
Improper Input Validation in cookie\nAffected versions of this crate use the time crate and the method Duration::seconds to parse the Max-Age duration cookie setting. This method will panic if the value is greater than 2^64/1000 and less than or equal to 2^64, which can result in denial of service for a client or server.\n\nThis flaw was corrected by explicitly checking for the Max-Age being in this integer range and clamping the value to the maximum duration value.\n\n## Related CVE(s)\nCVE-2017-18589, RUSTSEC-2017-0005", + "recommendation": "Update to 0.7.6 or later", + "advisories": [ + { + "title": "GitHub PR", + "url": "https://github.com/SergioBenitez/cookie-rs/pull/86" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/express@4.18.2\", \"pkg:npm/cookie@0.5.0\"]" + }, + "affects": [ + { + "ref": "pkg:npm/cookie@0.5.0", + "versions": [ + { + "version": "0.5.0", + "status": "affected" + }, + { + "version": "0.7.6", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Indirect dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2435/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2435", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2435" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + 
"status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2436/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2436", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2436" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2432/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2432", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2432" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": 
"pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2576/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2576", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2576" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3244/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3244", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3244" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3258/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3258", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3258" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3265/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3265", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3265" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0204/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0204", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0204" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue.\tNOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2016-0505/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0505" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0546/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0546", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0546" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client.\tNOTE: the previous information is from the January 2016 CPU. 
Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4910/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4910", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4910" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4913/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4913", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4913" + }, + "ratings": [ + { + 
"score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2020-14672/pkg:npm/mysql@2.18.1", + "id": "CVE-2020-14672", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14672" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\nThe following packages have been upgraded to a later upstream version: mysql (8.0.26). 
(BZ#1996693)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "recommendation": "Update to 8.0.26 or later", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35629.json" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "8.0.26", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0600/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0600", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0600" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + 
} + ] + }, + { + "bom-ref": "CVE-2016-0606/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0606", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0606" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4233/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4233", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4233" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } 
+ ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4238/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4238", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4238" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-1789/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-1789", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1789" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": 
{ + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-1793/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-1793", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1793" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-7440/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-7440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7440" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The C 
software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3810/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3810", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3810" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6559/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6559", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6559" + }, + 
"ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0666/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0666", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0666" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] 
+ }, + { + "bom-ref": "CVE-2016-2047/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-2047", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2047" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"/CN=\" string in a field in a certificate, as demonstrated by \"/OU=/CN=bar.com/CN=foo.com.\"", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-1861/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-1861", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1861" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large 
number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3783/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3783", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3783" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2568/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2568", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2568" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2571/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2571", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2571" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0438/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0438", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-0438" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0439/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0439", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0439" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + 
"bom-ref": "CVE-2015-2566/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2566", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2566" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2430/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2430", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2430" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2431/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2431", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2431" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0385/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0385", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0385" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0391/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0391", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0391" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2023-49803/pkg:npm/cors@2.8.5", + "id": "CVE-2023-49803", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49803" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "# Overly permissive origin policy\nCurrently, the middleware operates in a way that if an allowed origin is not provided, it will return an `Access-Control-Allow-Origin` header with the value of the origin from the request. 
This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy (SOP), this could cause a very serious security threat to the users of this middleware.\n\nIf such behavior is expected, for instance, when middleware is used exclusively for prototypes and not for production applications, it should be heavily emphasized in the documentation along with an indication of the risks associated with such behavior, as many users may not be aware of it.", + "recommendation": "Update to 5.0.0 or later", + "advisories": [ + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-qxrj-hx23-xp82" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/cors@2.8.5\"]" + }, + "affects": [ + { + "ref": "pkg:npm/cors@2.8.5", + "versions": [ + { + "version": "2.8.5", + "status": "affected" + }, + { + "version": "5.0.0", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0499/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0499", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0499" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": 
"unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0500/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0500", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0500" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3571/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3571", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3571" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + 
"detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3572/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3572", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3572" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0644/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0644", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0644" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 
10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0646/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0646", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0646" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4240/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4240", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4240" + }, + "ratings": [ + { + "score": 5.0, 
+ "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4815/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4815", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4815" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4816/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4816", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-4816" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3238/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3238", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3238" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3243/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3243", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3243" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 4.4 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4819/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4819", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4819" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4826/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4826", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4826" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified 
vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-4316/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-4316", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4316" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4830/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4830", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4830" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], 
+ "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4833/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4833", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4833" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4836/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4836", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-4836" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0650/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0650", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0650" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0651/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0651", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0651" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0441/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0441", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0441" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0411/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0411", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0411" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0423/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0423", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0423" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" 
+ }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4752/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4752", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4752" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4756/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4756", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4756" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0439.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + 
}, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + } + ] +} \ No newline at end of file diff --git a/server/reports/report_20231220090927511.json b/server/reports/report_20231220090927511.json new file mode 100644 index 000000000..13c0a9fd0 --- /dev/null +++ b/server/reports/report_20231220090927511.json 
@@ -0,0 +1,15601 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:fc818235-0069-46af-9e46-5d2d2f21f804", + "version": 2, + "metadata": { + "timestamp": "2023-12-20T09:09:24.138Z", + "tools": { + "components": [ + { + "group": "@cyclonedx", + "name": "cdxgen", + "version": "9.9.6", + "purl": "pkg:npm/%40cyclonedx/cdxgen@9.9.6", + "type": "application", + "bom-ref": "pkg:npm/@cyclonedx/cdxgen@9.9.6", + "author": "OWASP Foundation", + "publisher": "OWASP Foundation" + }, + { + "type": "application", + "name": "owasp-depscan", + "version": "5.0.4", + "purl": "pkg:pypi/owasp-depscan@5.0.4", + "bom-ref": "pkg:pypi/owasp-depscan@5.0.4" + } + ] + }, + "authors": [ + { + "name": "OWASP Foundation" + } + ], + "component": { + "author": "", + "group": "", + "name": "server", + "version": "1.0.0", + "type": "application", + "purl": "pkg:npm/server@1.0.0", + "bom-ref": "pkg:npm/server@1.0.0", + "components": [] + } + }, + "components": [ + { + "group": "", + "name": "cors", + "version": "2.8.5", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "2881db2c9aaeef7446aff8676eb3bdb817a2c4d1aebd2423ba5fe3745bd2fca152207d615957759e0ef3387c7e62b11f2272c6eeae27e861d0f5c0edc6ffcfea" + } + ], + "purl": "pkg:npm/cors@2.8.5", + "type": "library", + "bom-ref": "pkg:npm/cors@2.8.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "cors" + } + ] + }, + { + "group": "", + "name": "object-assign", + "version": "4.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac98134279149c7d6c170f324fa552537cc3dec5a6bbab19848b1e63c557f8646edcfe85ec5bbe24d0e85df9251256cb2529dcdc55101d57b8714e618fe05c52" + } + ], + "purl": "pkg:npm/object-assign@4.1.1", + "type": "library", + "bom-ref": "pkg:npm/object-assign@4.1.1", + "properties": [ + { + "name": "SrcFile", + "value": 
"/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "vary", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" + } + ], + "purl": "pkg:npm/vary@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/vary@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "express", + "version": "4.18.2", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7f3ec2fa8863dd7d0fe528cd54ba27a5620bf7054a097f3d5a53053dbc767e27b832bf07505c510120421ac5e19fd0621cade013372044c6d6a58ac0dbb8ca9" + } + ], + "purl": "pkg:npm/express@4.18.2", + "type": "framework", + "bom-ref": "pkg:npm/express@4.18.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "express" + } + ] + }, + { + "group": "", + "name": "accepts", + "version": "1.3.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "type": "library", + "bom-ref": "pkg:npm/accepts@1.3.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime-types", + "version": "2.1.35", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" + } + ], + "purl": 
"pkg:npm/mime-types@2.1.35", + "type": "library", + "bom-ref": "pkg:npm/mime-types@2.1.35", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime-db", + "version": "1.52.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "type": "library", + "bom-ref": "pkg:npm/mime-db@1.52.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "negotiator", + "version": "0.6.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "type": "library", + "bom-ref": "pkg:npm/negotiator@0.6.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "array-flatten", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/array-flatten@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "body-parser", + "version": "1.20.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"8d68bb69b4db6306a33b2b56090737ed5ba599689169ee51c93a5a0b20dc4b9fe531db704b3e653a90c4ebbb2bc3f1d87b7e5fd73ddf0d0c3ededc60ee036d5b" + } + ], + "purl": "pkg:npm/body-parser@1.20.1", + "type": "library", + "bom-ref": "pkg:npm/body-parser@1.20.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "bytes", + "version": "3.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "type": "library", + "bom-ref": "pkg:npm/bytes@3.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "content-type", + "version": "1.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "type": "library", + "bom-ref": "pkg:npm/content-type@1.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "debug", + "version": "2.6.9", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "purl": "pkg:npm/debug@2.6.9", + "type": "library", + "bom-ref": "pkg:npm/debug@2.6.9", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": "2.0.0", + 
"scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "purl": "pkg:npm/ms@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/ms@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "depd", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" + } + ], + "purl": "pkg:npm/depd@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/depd@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "destroy", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/destroy@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "http-errors", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/http-errors@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "inherits", + "version": "2.0.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "93fbc6697e3f6256b75b3c8c0af4d039761e207bea38ab67a8176ecd31e9ce9419cc0b2428c859d8af849c189233dcc64a820578ca572b16b8758799210a9ec1" + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "type": "library", + "bom-ref": "pkg:npm/inherits@2.0.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "setprototypeof", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/setprototypeof@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "statuses", + "version": "2.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "type": "library", + "bom-ref": "pkg:npm/statuses@2.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "toidentifier", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/toidentifier@1.0.1", + "properties": [ + { + "name": "SrcFile", + 
"value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "iconv-lite", + "version": "0.4.24", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "type": "library", + "bom-ref": "pkg:npm/iconv-lite@0.4.24", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "safer-buffer", + "version": "2.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "type": "library", + "bom-ref": "pkg:npm/safer-buffer@2.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "on-finished", + "version": "2.4.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "type": "library", + "bom-ref": "pkg:npm/on-finished@2.4.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ee-first", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" + } + ], + "purl": 
"pkg:npm/ee-first@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/ee-first@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "qs", + "version": "6.11.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" + } + ], + "purl": "pkg:npm/qs@6.11.0", + "type": "library", + "bom-ref": "pkg:npm/qs@6.11.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "side-channel", + "version": "1.0.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab95cfcada85108287906762308ad8d749af2d1be7421e36ffe1a8065156ddbd8b5cb136c71269645766f78c1ed016a85774702721aa839c12edea714efd19bf" + } + ], + "purl": "pkg:npm/side-channel@1.0.4", + "type": "library", + "bom-ref": "pkg:npm/side-channel@1.0.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "call-bind", + "version": "1.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b79d0c5f159c45455a09a0628a23ccb730e128d76f4d43e160434f22c9ef8c938ccd65919d8dfb34e9b553afe0c14a503ae90d9511c3248bf71408fe127ab71" + } + ], + "purl": "pkg:npm/call-bind@1.0.5", + "type": "library", + "bom-ref": "pkg:npm/call-bind@1.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "function-bind", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" + } + ], + "purl": "pkg:npm/function-bind@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/function-bind@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "get-intrinsic", + "version": "1.2.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d204a8e2697fd23f7c637967824144a2dff386209e5ac6d822567eb993958332f22da530ef0c542fe9c24cfd1726f260d405ee949448dd4262f06b1b0eec5d18" + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.2", + "type": "library", + "bom-ref": "pkg:npm/get-intrinsic@1.2.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-proto", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "eea13e88ff8ef9b805f5c944e7e528045cc4eb99a5062563ded282ae5350d0e8309b4063a53fe02b84a52d80ccc9b0e1e48dd30932a73cf6b4a0c1bb24362b86" + } + ], + "purl": "pkg:npm/has-proto@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/has-proto@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-symbols", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/has-symbols@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + 
"name": "hasown", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd4a6d2954e920985c7332816e09d2f91b5cb98301f3ea0dccf2b6fc7a7785a9f3f099a90137669a02e049a69d5511240e6f9eda0887c18dd9464ca34880c314" + } + ], + "purl": "pkg:npm/hasown@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/hasown@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "set-function-length", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5686aa8db0492a25ad838c9170a050ee0ef09c69cb57733ca0bbd55b03a4d8f75863a3c415e811d6f7b35d1d2dc3a7d9185f5cb156a42118eb262cb6bde48115" + } + ], + "purl": "pkg:npm/set-function-length@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/set-function-length@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "define-data-property", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "13bb86913ce49357740722de49ce99b054bbf40c60fa6d4ffd5b2062cc47822b9cded1528fe323308c1ef74142e25380673341758ee490ed8fdb029db10d6f81" + } + ], + "purl": "pkg:npm/define-data-property@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/define-data-property@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "gopd", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" + } + ], + "purl": "pkg:npm/gopd@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/gopd@1.0.1", + "properties": [ + { + "name": 
"SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-property-descriptors", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "56c5fc79a21ec2f6acd319ef8a701ef5bc3859f21e383a466229225982c7f9d99ad09c3a28762a5a259f8509603952bc0fa3ef8ee6cae547383f488884870d56" + } + ], + "purl": "pkg:npm/has-property-descriptors@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/has-property-descriptors@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "object-inspect", + "version": "1.13.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" + } + ], + "purl": "pkg:npm/object-inspect@1.13.1", + "type": "library", + "bom-ref": "pkg:npm/object-inspect@1.13.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "raw-body", + "version": "2.5.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa241b44c95812d1998f19d0853d627716b7a8aaf1b83154259ff902805ece96af7921b3a9d3f056c8cc1b76d9f8553be433c63b921090d97824fed72b0978a" + } + ], + "purl": "pkg:npm/raw-body@2.5.1", + "type": "library", + "bom-ref": "pkg:npm/raw-body@2.5.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "unpipe", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/unpipe@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "type-is", + "version": "1.6.18", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "type": "library", + "bom-ref": "pkg:npm/type-is@1.6.18", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "media-typer", + "version": "0.3.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "type": "library", + "bom-ref": "pkg:npm/media-typer@0.3.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "content-disposition", + "version": "0.5.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "type": "library", + "bom-ref": "pkg:npm/content-disposition@0.5.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + 
"name": "safe-buffer", + "version": "5.2.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "type": "library", + "bom-ref": "pkg:npm/safe-buffer@5.2.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "cookie", + "version": "0.5.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "619dc65329ffa3c81f289967957ee0ef1ab88323ba392ba118f29a686b2c181daa803512d203e0b53be8c992d3b7d01be9d0b885f73d755e5aae4bdcfce0a6af" + } + ], + "purl": "pkg:npm/cookie@0.5.0", + "type": "library", + "bom-ref": "pkg:npm/cookie@0.5.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "cookie-signature", + "version": "1.0.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "type": "library", + "bom-ref": "pkg:npm/cookie-signature@1.0.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "encodeurl", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/encodeurl@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": 
"/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "escape-html", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/escape-html@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "etag", + "version": "1.8.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" + } + ], + "purl": "pkg:npm/etag@1.8.1", + "type": "library", + "bom-ref": "pkg:npm/etag@1.8.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "finalhandler", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/finalhandler@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "parseurl", + "version": "1.3.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "type": "library", + 
"bom-ref": "pkg:npm/parseurl@1.3.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fresh", + "version": "0.5.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "type": "library", + "bom-ref": "pkg:npm/fresh@0.5.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "merge-descriptors", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/merge-descriptors@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "methods", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" + } + ], + "purl": "pkg:npm/methods@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/methods@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "path-to-regexp", + "version": "0.1.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "type": "library", + "bom-ref": "pkg:npm/path-to-regexp@0.1.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "proxy-addr", + "version": "2.0.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "type": "library", + "bom-ref": "pkg:npm/proxy-addr@2.0.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "forwarded", + "version": "0.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "type": "library", + "bom-ref": "pkg:npm/forwarded@0.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ipaddr.js", + "version": "1.9.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "type": "library", + "bom-ref": "pkg:npm/ipaddr.js@1.9.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": 
"range-parser", + "version": "1.2.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "type": "library", + "bom-ref": "pkg:npm/range-parser@1.2.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "send", + "version": "0.18.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" + } + ], + "purl": "pkg:npm/send@0.18.0", + "type": "library", + "bom-ref": "pkg:npm/send@0.18.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": "2.1.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e85973b9b4cb646dc9d9afcd542025784863ceae68c601f268253dc985ef70bb2fa1568726afece715c8ebf5d73fab73ed1f7100eb479d23bfb57b45dd645394" + } + ], + "purl": "pkg:npm/ms@2.1.3", + "type": "library", + "bom-ref": "pkg:npm/ms@2.1.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime", + "version": "1.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" + } + ], + "purl": "pkg:npm/mime@1.6.0", + "type": "library", + "bom-ref": "pkg:npm/mime@1.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study 
Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "serve-static", + "version": "1.15.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "type": "library", + "bom-ref": "pkg:npm/serve-static@1.15.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "utils-merge", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/utils-merge@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fs", + "version": "0.0.1-security", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd763d7b5a4fd02544502763e4199f219c51053483c9c9dbaa120e19e73d418b66547d9f6cba63f3a0855a4acd3a4b7f16fb72e0a646e654e094bf63fe027cef" + } + ], + "purl": "pkg:npm/fs@0.0.1-security", + "type": "library", + "bom-ref": "pkg:npm/fs@0.0.1-security", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "fs" + } + ] + }, + { + "group": "", + "name": "multer", + "version": "1.4.5-lts.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb03d6bdc0cc787fb3f6042ae6a607082cbe7ad86c9388287a9678e462c3eb77cebb461c35e710c62eb89c3b37aa5b9907e9aeac6dff0f8749efe74672d70241" + } + ], + 
"purl": "pkg:npm/multer@1.4.5-lts.1", + "type": "library", + "bom-ref": "pkg:npm/multer@1.4.5-lts.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "append-field", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "925a6015258b5b5644b3cb2f8df6fb838a96634612e62988f3675383e41a854bc9f18a806343f5d1493cb53ca1f591ae60464431a789602179045b97e79da1b3" + } + ], + "purl": "pkg:npm/append-field@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/append-field@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "busboy", + "version": "1.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f121506e0ff4850f71cb750d4c1d18127b0d05b59f85fed1b67ce92fb4e40624c145fad0f45c5c9f3ed526c95e269ca9eab54bbd78ae391aa39478b9abe3d8b8" + } + ], + "purl": "pkg:npm/busboy@1.6.0", + "type": "library", + "bom-ref": "pkg:npm/busboy@1.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "streamsearch", + "version": "1.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "31c739c077a1a7d697cf56b1e9b654c98e5a7e0f6edabbf972a408de646b624182f2b5b684cd368d6bb08ed2fef8b4b9aa29d2ca18f641f2f236cb9cf95b04c6" + } + ], + "purl": "pkg:npm/streamsearch@1.1.0", + "type": "library", + "bom-ref": "pkg:npm/streamsearch@1.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "concat-stream", + "version": "1.6.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"dbb1c18212718e266d224dd872f9ffe246c993fd6e66e2457ee3c49ece8b684be9bc6d5fd214de6bc96296ba2eca8f6655cd8659d70467c38ba0699200396b0b" + } + ], + "purl": "pkg:npm/concat-stream@1.6.2", + "type": "library", + "bom-ref": "pkg:npm/concat-stream@1.6.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "buffer-from", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" + } + ], + "purl": "pkg:npm/buffer-from@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/buffer-from@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "readable-stream", + "version": "2.3.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" + } + ], + "purl": "pkg:npm/readable-stream@2.3.8", + "type": "library", + "bom-ref": "pkg:npm/readable-stream@2.3.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "safe-buffer", + "version": "5.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" + } + ], + "purl": "pkg:npm/safe-buffer@5.1.2", + "type": "library", + "bom-ref": "pkg:npm/safe-buffer@5.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "core-util-is", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" + } + ], + "purl": "pkg:npm/core-util-is@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/core-util-is@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "isarray", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" + } + ], + "purl": "pkg:npm/isarray@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/isarray@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "process-nextick-args", + "version": "2.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" + } + ], + "purl": "pkg:npm/process-nextick-args@2.0.1", + "type": "framework", + "bom-ref": "pkg:npm/process-nextick-args@2.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "string_decoder", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" + } + ], + "purl": "pkg:npm/string_decoder@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/string_decoder@1.1.1", + 
"properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "util-deprecate", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f0f9ab5b97c85c49a42acb9c27359c79eade039ae83641a1c008888d93692080ed5089d5424331a802cc891736c5187c3d5d68afff2d3110f318886eb1ed73" + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/util-deprecate@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "typedarray", + "version": "0.0.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fda0831066ad1af67604893e1e62dfe227c2245c2f28535bf7f25e64f32e95f805ada727f5015c01fe463bc07f9b07948d2a1b952e489f471686aa5fb3fe4f40" + } + ], + "purl": "pkg:npm/typedarray@0.0.6", + "type": "library", + "bom-ref": "pkg:npm/typedarray@0.0.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mkdirp", + "version": "0.5.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" + } + ], + "purl": "pkg:npm/mkdirp@0.5.6", + "type": "library", + "bom-ref": "pkg:npm/mkdirp@0.5.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "minimist", + "version": "1.2.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "db2c8047ca8190ddd8ba17896a7529582e54ddb6f9a2c0f2c0d07c4730d5943c031dba1c009bdeaaa8f5bbcf92543ee39164f8cafb070a95aaa96a80c5bd3308" + } + ], + 
"purl": "pkg:npm/minimist@1.2.8", + "type": "library", + "bom-ref": "pkg:npm/minimist@1.2.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "xtend", + "version": "4.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "2ca614d620172575200179fd5118e2bbe3168725171ecbdfa7b99cb989bd75250a2b4fc28edad4c050310fcdbf98259bb4bb068c521a774c08b28778ceb4c011" + } + ], + "purl": "pkg:npm/xtend@4.0.2", + "type": "library", + "bom-ref": "pkg:npm/xtend@4.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mysql", + "version": "2.18.1", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "05c6be824d985a6aa9d947fa93934512eaf063fd2d77472979b02e705a58ff78e1af0ad51aec54dae4050878d4d7d4897e37b4c90be2fab55676aefc851e658a" + } + ], + "purl": "pkg:npm/mysql@2.18.1", + "type": "library", + "bom-ref": "pkg:npm/mysql@2.18.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "mysql" + } + ] + }, + { + "group": "", + "name": "readable-stream", + "version": "2.3.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "11b868f0ae2321b1c0c67bb18bba38d8ead9805fd94cd72c663ea744ac949a484b16af021c8b69fdfcba85066e6663ff9f7c99f550546e9e33cff997f219983f" + } + ], + "purl": "pkg:npm/readable-stream@2.3.7", + "type": "library", + "bom-ref": "pkg:npm/readable-stream@2.3.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "bignumber.js", + "version": "9.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + 
"content": "b7f398861276483f9818141c8d8f06cf30c7124f5fde77abc63b5f6bab653177deedfaecfd6a3386f08da06be93343f76cd7f71aae5944c946af97f7af8fcdf0" + } + ], + "purl": "pkg:npm/bignumber.js@9.0.0", + "type": "library", + "bom-ref": "pkg:npm/bignumber.js@9.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "sqlstring", + "version": "2.3.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2803387feddc481b9fae0e2935cff45dd6f962d3edfc8b36611b349adf817047b21b7a53d608229234897c8e52ff17b111bf2f020768cd78cd44f62f665cc01" + } + ], + "purl": "pkg:npm/sqlstring@2.3.1", + "type": "library", + "bom-ref": "pkg:npm/sqlstring@2.3.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "nodemon", + "version": "3.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f6a20dd8b353ac4ce938f05a5874e6e00b32d4bc572d289c9194ad010e0865eef3b282290ff03b2d6c61655dede19bb7e76b8172a56746c0d748c47649cde54c" + } + ], + "purl": "pkg:npm/nodemon@3.0.2", + "type": "library", + "bom-ref": "pkg:npm/nodemon@3.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "debug", + "version": "4.3.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" + } + ], + "purl": "pkg:npm/debug@4.3.4", + "type": "library", + "bom-ref": "pkg:npm/debug@4.3.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": 
"2.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "purl": "pkg:npm/ms@2.1.2", + "type": "library", + "bom-ref": "pkg:npm/ms@2.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "chokidar", + "version": "3.5.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ebdec7ca44fea84dc8dfd8999498525f79532f5c175e83107489543979bd95d74b852540804bc381c9975503255bf315cdcf71a38d3823f642d6b194ea13a93" + } + ], + "purl": "pkg:npm/chokidar@3.5.3", + "type": "library", + "bom-ref": "pkg:npm/chokidar@3.5.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "anymatch", + "version": "3.1.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" + } + ], + "purl": "pkg:npm/anymatch@3.1.3", + "type": "library", + "bom-ref": "pkg:npm/anymatch@3.1.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "normalize-path", + "version": "3.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9e66ce4bb375ad0a2b075a9f52d86532f1daa4a468b80554b3dc66aa884e9ecee6f4e75d844b3b57530501e82e8829b4246363e76ff983e166288c24707302c" + } + ], + "purl": "pkg:npm/normalize-path@3.0.0", + "type": "library", + "bom-ref": "pkg:npm/normalize-path@3.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study 
Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "picomatch", + "version": "2.3.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "254ded7874cd8e6136542185cee63c117cc20d5c04a81d9af1fb08bf0692b4784058911e55dd68d500fcd0253af997445d748b6d2b2e2f0263902056a9141454" + } + ], + "purl": "pkg:npm/picomatch@2.3.1", + "type": "library", + "bom-ref": "pkg:npm/picomatch@2.3.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "braces", + "version": "3.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fcba6f8bd51cccdd60d2cef866ea0233d727d36c1b7a61395c10a02fb26a82659170e3acfadba9558fd8f5c843d6df71f91fe94142964c3f593c97eefc1dad0" + } + ], + "purl": "pkg:npm/braces@3.0.2", + "type": "library", + "bom-ref": "pkg:npm/braces@3.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fill-range", + "version": "7.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" + } + ], + "purl": "pkg:npm/fill-range@7.0.1", + "type": "library", + "bom-ref": "pkg:npm/fill-range@7.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "to-regex-range", + "version": "5.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" + } + ], + "purl": "pkg:npm/to-regex-range@5.0.1", + "type": "library", + "bom-ref": 
"pkg:npm/to-regex-range@5.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-number", + "version": "7.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" + } + ], + "purl": "pkg:npm/is-number@7.0.0", + "type": "library", + "bom-ref": "pkg:npm/is-number@7.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "glob-parent", + "version": "5.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "type": "library", + "bom-ref": "pkg:npm/glob-parent@5.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-glob", + "version": "4.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e9526b21c7dfa66013b6568658bba56df884d6cd97c3a3bf92959a4243e2105d0f7b61f137e4f6f61ab0b33e99758e6611648197f184b4a7af046be1e9524a" + } + ], + "purl": "pkg:npm/is-glob@4.0.3", + "type": "library", + "bom-ref": "pkg:npm/is-glob@4.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-extglob", + "version": "2.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" + } + ], + "purl": "pkg:npm/is-extglob@2.1.1", + "type": "library", + "bom-ref": "pkg:npm/is-extglob@2.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-binary-path", + "version": "2.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" + } + ], + "purl": "pkg:npm/is-binary-path@2.1.0", + "type": "library", + "bom-ref": "pkg:npm/is-binary-path@2.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "binary-extensions", + "version": "2.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "8c372d27f21541b6682729287876e15e93a5341a8635cc1724a268838d84e470cf53041349d8c21dd8a18e3d0396785e43b6e56d3e9d1ce69f340892f28a1028" + } + ], + "purl": "pkg:npm/binary-extensions@2.2.0", + "type": "library", + "bom-ref": "pkg:npm/binary-extensions@2.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "readdirp", + "version": "3.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" + } + ], + "purl": "pkg:npm/readdirp@3.6.0", + "type": "library", + "bom-ref": "pkg:npm/readdirp@3.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "fsevents", + "version": "2.3.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" + } + ], + "purl": "pkg:npm/fsevents@2.3.3", + "type": "library", + "bom-ref": "pkg:npm/fsevents@2.3.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ignore-by-default", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "22eb36558706364ed3f740a9a49a9c2244b9a281d46722102be0a565f31f30d14417d55213bdc5abef74eaefc25aef76c7883364c58ec1f1587243ce6f37446c" + } + ], + "purl": "pkg:npm/ignore-by-default@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/ignore-by-default@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "minimatch", + "version": "3.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "type": "library", + "bom-ref": "pkg:npm/minimatch@3.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "brace-expansion", + "version": "1.1.11", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "type": "library", + "bom-ref": "pkg:npm/brace-expansion@1.1.11", + "properties": [ + { 
+ "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "balanced-match", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" + } + ], + "purl": "pkg:npm/balanced-match@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/balanced-match@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "concat-map", + "version": "0.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" + } + ], + "purl": "pkg:npm/concat-map@0.0.1", + "type": "library", + "bom-ref": "pkg:npm/concat-map@0.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "pstree.remy", + "version": "1.1.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "efb0d9c31426c4a9eedda479e3653e5fc172a4dcdb7c9f82e57403937b968d6c67eb5e75688306b615984574ea4f5139a09be0fa58da6b63898be55fbc2390f3" + } + ], + "purl": "pkg:npm/pstree.remy@1.1.8", + "type": "library", + "bom-ref": "pkg:npm/pstree.remy@1.1.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "semver", + "version": "7.5.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5b09211257a3effa2db51efa71a770f1fa9483f2520fb7cb958d1af1014b7f9dbb3061cfad2ba6366ed8942e3778f9f9ead793d7fa7a900c2ece7eded693070" + } + ], + "purl": 
"pkg:npm/semver@7.5.4", + "type": "library", + "bom-ref": "pkg:npm/semver@7.5.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "lru-cache", + "version": "6.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "268e9d274e029928eece7c09492de951e5a677f1f47df4e59175e0c198be7aad540a6a90c0287e78bb183980b063df758b615a878875044302c78a938466ec88" + } + ], + "purl": "pkg:npm/lru-cache@6.0.0", + "type": "library", + "bom-ref": "pkg:npm/lru-cache@6.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "yallist", + "version": "4.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "df074689d672ab93c1d3ce172c44b94e9392440df08d7025216321ba6da445cbffe354a7d9e990d1dc9c416e2e6572de8f02af83a12cbdb76554bf8560472dec" + } + ], + "purl": "pkg:npm/yallist@4.0.0", + "type": "library", + "bom-ref": "pkg:npm/yallist@4.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "simple-update-notifier", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b607d6342a535797dbbfbec5bab1322ef6f184a5f2aedb0455ea5d47dd711ab3fd20508cc6cc1a0ffc8a2e4dc5106e6f495992c7dc23b1ca7d374d89456b1eb" + } + ], + "purl": "pkg:npm/simple-update-notifier@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/simple-update-notifier@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "supports-color", + "version": "5.5.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "type": "library", + "bom-ref": "pkg:npm/supports-color@5.5.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-flag", + "version": "3.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "type": "library", + "bom-ref": "pkg:npm/has-flag@3.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "touch", + "version": "3.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "581c7c532e532ed39246d22af8cd37fec283ad708b1f1c0372ab923f6738dcb7b4dfff6c7ab8d0048ced8d1cfa16425ecfd0ff8657b20174c118bc30654c3d94" + } + ], + "purl": "pkg:npm/touch@3.1.0", + "type": "library", + "bom-ref": "pkg:npm/touch@3.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "nopt", + "version": "1.0.10", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3569a9bcb4aa52b82b002f470aec44bdbf8f4a5a07a6a56ef85a9c3b879e176879a9846103b7afe8abde9724002ad7a051b0ba472a499e510e85df2f96834a62" + } + ], + "purl": "pkg:npm/nopt@1.0.10", + "type": "library", + "bom-ref": "pkg:npm/nopt@1.0.10", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "abbrev", + "version": "1.1.1", + 
"scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e77bdfc8890fe1cc8858ea97439db06dcfb0e33d32ab634d0fff3bcf4a6e69385925eb1b86ac69d79ff56d4cd35f36d01f67dff546d7a192ccd4f6a7138a2d1" + } + ], + "purl": "pkg:npm/abbrev@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/abbrev@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "undefsafe", + "version": "2.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5b138d0abb2c04cf1348f46a379126b2356bb2fe00f17d7627802b06289acafdc3cb21b7665220eb2cacbae498759b15cf74ca7138367ddfff52377808757588" + } + ], + "purl": "pkg:npm/undefsafe@2.0.5", + "type": "library", + "bom-ref": "pkg:npm/undefsafe@2.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + } + ], + "services": [], + "dependencies": [ + { + "ref": "pkg:npm/object-assign@4.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/vary@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/cors@2.8.5", + "dependsOn": [ + "pkg:npm/object-assign@4.1.1", + "pkg:npm/vary@1.1.2" + ] + }, + { + "ref": "pkg:npm/mime-db@1.52.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mime-types@2.1.35", + "dependsOn": [ + "pkg:npm/mime-db@1.52.0" + ] + }, + { + "ref": "pkg:npm/negotiator@0.6.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/accepts@1.3.8", + "dependsOn": [ + "pkg:npm/mime-types@2.1.35", + "pkg:npm/negotiator@0.6.3" + ] + }, + { + "ref": "pkg:npm/array-flatten@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/bytes@3.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/content-type@1.0.5", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/debug@2.6.9", + "dependsOn": [ + "pkg:npm/ms@2.0.0" + ] + }, + { + "ref": "pkg:npm/depd@2.0.0", + "dependsOn": [] + }, + { + 
"ref": "pkg:npm/destroy@1.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/inherits@2.0.4", + "dependsOn": [] + }, + { + "ref": "pkg:npm/setprototypeof@1.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/statuses@2.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/toidentifier@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/http-errors@2.0.0", + "dependsOn": [ + "pkg:npm/depd@2.0.0", + "pkg:npm/inherits@2.0.4", + "pkg:npm/setprototypeof@1.2.0", + "pkg:npm/statuses@2.0.1", + "pkg:npm/toidentifier@1.0.1" + ] + }, + { + "ref": "pkg:npm/safer-buffer@2.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/iconv-lite@0.4.24", + "dependsOn": [ + "pkg:npm/safer-buffer@2.1.2" + ] + }, + { + "ref": "pkg:npm/ee-first@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/on-finished@2.4.1", + "dependsOn": [ + "pkg:npm/ee-first@1.1.1" + ] + }, + { + "ref": "pkg:npm/function-bind@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/has-proto@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/has-symbols@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/hasown@2.0.0", + "dependsOn": [ + "pkg:npm/function-bind@1.1.2" + ] + }, + { + "ref": "pkg:npm/get-intrinsic@1.2.2", + "dependsOn": [ + "pkg:npm/function-bind@1.1.2", + "pkg:npm/has-proto@1.0.1", + "pkg:npm/has-symbols@1.0.3", + "pkg:npm/hasown@2.0.0" + ] + }, + { + "ref": "pkg:npm/gopd@1.0.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2" + ] + }, + { + "ref": "pkg:npm/has-property-descriptors@1.0.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2" + ] + }, + { + "ref": "pkg:npm/define-data-property@1.1.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/gopd@1.0.1", + "pkg:npm/has-property-descriptors@1.0.1" + ] + }, + { + "ref": "pkg:npm/set-function-length@1.1.1", + "dependsOn": [ + "pkg:npm/define-data-property@1.1.1", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/gopd@1.0.1", + "pkg:npm/has-property-descriptors@1.0.1" + ] + }, + { + "ref": "pkg:npm/call-bind@1.0.5", + "dependsOn": [ + 
"pkg:npm/function-bind@1.1.2", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/set-function-length@1.1.1" + ] + }, + { + "ref": "pkg:npm/object-inspect@1.13.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/side-channel@1.0.4", + "dependsOn": [ + "pkg:npm/call-bind@1.0.5", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/object-inspect@1.13.1" + ] + }, + { + "ref": "pkg:npm/qs@6.11.0", + "dependsOn": [ + "pkg:npm/side-channel@1.0.4" + ] + }, + { + "ref": "pkg:npm/unpipe@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/raw-body@2.5.1", + "dependsOn": [ + "pkg:npm/bytes@3.1.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/iconv-lite@0.4.24", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/media-typer@0.3.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/type-is@1.6.18", + "dependsOn": [ + "pkg:npm/media-typer@0.3.0", + "pkg:npm/mime-types@2.1.35" + ] + }, + { + "ref": "pkg:npm/body-parser@1.20.1", + "dependsOn": [ + "pkg:npm/bytes@3.1.2", + "pkg:npm/content-type@1.0.5", + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/destroy@1.2.0", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/iconv-lite@0.4.24", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/qs@6.11.0", + "pkg:npm/raw-body@2.5.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/safe-buffer@5.2.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/content-disposition@0.5.4", + "dependsOn": [ + "pkg:npm/safe-buffer@5.2.1" + ] + }, + { + "ref": "pkg:npm/cookie@0.5.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/cookie-signature@1.0.6", + "dependsOn": [] + }, + { + "ref": "pkg:npm/encodeurl@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/escape-html@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/etag@1.8.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/parseurl@1.3.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/finalhandler@1.2.0", + "dependsOn": [ + "pkg:npm/debug@2.6.9", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/on-finished@2.4.1", + 
"pkg:npm/parseurl@1.3.3", + "pkg:npm/statuses@2.0.1", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/fresh@0.5.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/merge-descriptors@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/methods@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/path-to-regexp@0.1.7", + "dependsOn": [] + }, + { + "ref": "pkg:npm/forwarded@0.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ipaddr.js@1.9.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/proxy-addr@2.0.7", + "dependsOn": [ + "pkg:npm/forwarded@0.2.0", + "pkg:npm/ipaddr.js@1.9.1" + ] + }, + { + "ref": "pkg:npm/range-parser@1.2.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.1.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mime@1.6.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/send@0.18.0", + "dependsOn": [ + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/destroy@1.2.0", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/etag@1.8.1", + "pkg:npm/fresh@0.5.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/mime@1.6.0", + "pkg:npm/ms@2.1.3", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/range-parser@1.2.1", + "pkg:npm/statuses@2.0.1" + ] + }, + { + "ref": "pkg:npm/serve-static@1.15.0", + "dependsOn": [ + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/parseurl@1.3.3", + "pkg:npm/send@0.18.0" + ] + }, + { + "ref": "pkg:npm/utils-merge@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/express@4.18.2", + "dependsOn": [ + "pkg:npm/accepts@1.3.8", + "pkg:npm/array-flatten@1.1.1", + "pkg:npm/body-parser@1.20.1", + "pkg:npm/content-disposition@0.5.4", + "pkg:npm/content-type@1.0.5", + "pkg:npm/cookie-signature@1.0.6", + "pkg:npm/cookie@0.5.0", + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/etag@1.8.1", + "pkg:npm/finalhandler@1.2.0", + "pkg:npm/fresh@0.5.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/merge-descriptors@1.0.1", + 
"pkg:npm/methods@1.1.2", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/parseurl@1.3.3", + "pkg:npm/path-to-regexp@0.1.7", + "pkg:npm/proxy-addr@2.0.7", + "pkg:npm/qs@6.11.0", + "pkg:npm/range-parser@1.2.1", + "pkg:npm/safe-buffer@5.2.1", + "pkg:npm/send@0.18.0", + "pkg:npm/serve-static@1.15.0", + "pkg:npm/setprototypeof@1.2.0", + "pkg:npm/statuses@2.0.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/utils-merge@1.0.1", + "pkg:npm/vary@1.1.2" + ] + }, + { + "ref": "pkg:npm/fs@0.0.1-security", + "dependsOn": [] + }, + { + "ref": "pkg:npm/append-field@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/streamsearch@1.1.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/busboy@1.6.0", + "dependsOn": [ + "pkg:npm/streamsearch@1.1.0" + ] + }, + { + "ref": "pkg:npm/buffer-from@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/safe-buffer@5.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/core-util-is@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/isarray@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/process-nextick-args@2.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/string_decoder@1.1.1", + "dependsOn": [ + "pkg:npm/safe-buffer@5.1.2" + ] + }, + { + "ref": "pkg:npm/util-deprecate@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/readable-stream@2.3.8", + "dependsOn": [ + "pkg:npm/core-util-is@1.0.3", + "pkg:npm/inherits@2.0.4", + "pkg:npm/isarray@1.0.0", + "pkg:npm/process-nextick-args@2.0.1", + "pkg:npm/safe-buffer@5.1.2", + "pkg:npm/string_decoder@1.1.1", + "pkg:npm/util-deprecate@1.0.2" + ] + }, + { + "ref": "pkg:npm/typedarray@0.0.6", + "dependsOn": [] + }, + { + "ref": "pkg:npm/concat-stream@1.6.2", + "dependsOn": [ + "pkg:npm/buffer-from@1.1.2", + "pkg:npm/inherits@2.0.4", + "pkg:npm/readable-stream@2.3.8", + "pkg:npm/typedarray@0.0.6" + ] + }, + { + "ref": "pkg:npm/minimist@1.2.8", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mkdirp@0.5.6", + "dependsOn": [ + "pkg:npm/minimist@1.2.8" + ] + }, + { + "ref": "pkg:npm/xtend@4.0.2", + "dependsOn": [] + 
}, + { + "ref": "pkg:npm/multer@1.4.5-lts.1", + "dependsOn": [ + "pkg:npm/append-field@1.0.0", + "pkg:npm/busboy@1.6.0", + "pkg:npm/concat-stream@1.6.2", + "pkg:npm/mkdirp@0.5.6", + "pkg:npm/object-assign@4.1.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/xtend@4.0.2" + ] + }, + { + "ref": "pkg:npm/readable-stream@2.3.7", + "dependsOn": [ + "pkg:npm/core-util-is@1.0.3", + "pkg:npm/inherits@2.0.4", + "pkg:npm/isarray@1.0.0", + "pkg:npm/process-nextick-args@2.0.1", + "pkg:npm/string_decoder@1.1.1", + "pkg:npm/util-deprecate@1.0.2" + ] + }, + { + "ref": "pkg:npm/bignumber.js@9.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/sqlstring@2.3.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mysql@2.18.1", + "dependsOn": [ + "pkg:npm/bignumber.js@9.0.0", + "pkg:npm/readable-stream@2.3.7", + "pkg:npm/safe-buffer@5.1.2", + "pkg:npm/sqlstring@2.3.1" + ] + }, + { + "ref": "pkg:npm/debug@4.3.4", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/normalize-path@3.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/picomatch@2.3.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/anymatch@3.1.3", + "dependsOn": [ + "pkg:npm/normalize-path@3.0.0", + "pkg:npm/picomatch@2.3.1" + ] + }, + { + "ref": "pkg:npm/is-number@7.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/to-regex-range@5.0.1", + "dependsOn": [ + "pkg:npm/is-number@7.0.0" + ] + }, + { + "ref": "pkg:npm/fill-range@7.0.1", + "dependsOn": [ + "pkg:npm/to-regex-range@5.0.1" + ] + }, + { + "ref": "pkg:npm/braces@3.0.2", + "dependsOn": [ + "pkg:npm/fill-range@7.0.1" + ] + }, + { + "ref": "pkg:npm/is-extglob@2.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/is-glob@4.0.3", + "dependsOn": [ + "pkg:npm/is-extglob@2.1.1" + ] + }, + { + "ref": "pkg:npm/glob-parent@5.1.2", + "dependsOn": [ + "pkg:npm/is-glob@4.0.3" + ] + }, + { + "ref": "pkg:npm/binary-extensions@2.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/is-binary-path@2.1.0", + "dependsOn": [ + 
"pkg:npm/binary-extensions@2.2.0" + ] + }, + { + "ref": "pkg:npm/readdirp@3.6.0", + "dependsOn": [ + "pkg:npm/picomatch@2.3.1" + ] + }, + { + "ref": "pkg:npm/fsevents@2.3.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/chokidar@3.5.3", + "dependsOn": [ + "pkg:npm/anymatch@3.1.3", + "pkg:npm/braces@3.0.2", + "pkg:npm/fsevents@2.3.3", + "pkg:npm/glob-parent@5.1.2", + "pkg:npm/is-binary-path@2.1.0", + "pkg:npm/is-glob@4.0.3", + "pkg:npm/normalize-path@3.0.0", + "pkg:npm/readdirp@3.6.0" + ] + }, + { + "ref": "pkg:npm/ignore-by-default@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/balanced-match@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/concat-map@0.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/brace-expansion@1.1.11", + "dependsOn": [ + "pkg:npm/balanced-match@1.0.2", + "pkg:npm/concat-map@0.0.1" + ] + }, + { + "ref": "pkg:npm/minimatch@3.1.2", + "dependsOn": [ + "pkg:npm/brace-expansion@1.1.11" + ] + }, + { + "ref": "pkg:npm/pstree.remy@1.1.8", + "dependsOn": [] + }, + { + "ref": "pkg:npm/yallist@4.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/lru-cache@6.0.0", + "dependsOn": [ + "pkg:npm/yallist@4.0.0" + ] + }, + { + "ref": "pkg:npm/semver@7.5.4", + "dependsOn": [ + "pkg:npm/lru-cache@6.0.0" + ] + }, + { + "ref": "pkg:npm/simple-update-notifier@2.0.0", + "dependsOn": [ + "pkg:npm/semver@7.5.4" + ] + }, + { + "ref": "pkg:npm/has-flag@3.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/supports-color@5.5.0", + "dependsOn": [ + "pkg:npm/has-flag@3.0.0" + ] + }, + { + "ref": "pkg:npm/abbrev@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/nopt@1.0.10", + "dependsOn": [ + "pkg:npm/abbrev@1.1.1" + ] + }, + { + "ref": "pkg:npm/touch@3.1.0", + "dependsOn": [ + "pkg:npm/nopt@1.0.10" + ] + }, + { + "ref": "pkg:npm/undefsafe@2.0.5", + "dependsOn": [] + }, + { + "ref": "pkg:npm/nodemon@3.0.2", + "dependsOn": [ + "pkg:npm/chokidar@3.5.3", + "pkg:npm/debug@4.3.4", + "pkg:npm/ignore-by-default@1.0.1", + "pkg:npm/minimatch@3.1.2", + 
"pkg:npm/ms@2.1.2", + "pkg:npm/pstree.remy@1.1.8", + "pkg:npm/semver@7.5.4", + "pkg:npm/simple-update-notifier@2.0.0", + "pkg:npm/supports-color@5.5.0", + "pkg:npm/touch@3.1.0", + "pkg:npm/undefsafe@2.0.5" + ] + }, + { + "ref": "pkg:npm/server@1.0.0", + "dependsOn": [ + "pkg:npm/cors@2.8.5", + "pkg:npm/express@4.18.2", + "pkg:npm/fs@0.0.1-security", + "pkg:npm/multer@1.4.5-lts.1", + "pkg:npm/mysql@2.18.1", + "pkg:npm/nodemon@3.0.2" + ] + } + ], + "vulnerabilities": [ + { + "bom-ref": "CVE-2014-6500/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6500", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6500" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3798/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3798", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3798" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers 
to affect integrity and availability via unknown vectors related to MemCached.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4000/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4000", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4000" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2451/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2451", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2014-2451" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0644/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0644", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0644" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": 
"false" + } + ] + }, + { + "bom-ref": "CVE-2016-0646/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0646", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0646" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0508/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0508", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0508" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": 
"5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2567/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2567", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2567" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2450/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2450", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2450" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + 
{ + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4862/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4862", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4862" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4864/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4864", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4864" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", 
\"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2021-35065/pkg:npm/glob-parent@5.1.2", + "id": "CVE-2021-35065", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The glob-parent package before 6.0.1 for Node.js allows ReDoS regular ...\nNOTE: https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339 (v6.0.1)\nNOTE: https://github.com/gulpjs/glob-parent/pull/49", + "recommendation": "Update to 6.0.2+~5.1.1-1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/chokidar@3.5.3\", \"pkg:npm/glob-parent@5.1.2\"]" + }, + "affects": [ + { + "ref": "pkg:npm/glob-parent@5.1.2", + "versions": [ + { + "version": "5.1.2", + "status": "affected" + }, + { + "version": "6.0.2+~5.1.1-1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Indirect dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2442/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2442", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2442" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.", + "recommendation": "Update to 5.5.39-0.7.1 
or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2444/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2444", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2444" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5611/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5611", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5611" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other 
versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5612/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5612", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5612" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": 
"unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5613/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5613", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5613" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3061/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3061", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3061" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server 
component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3725-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3811/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3811", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3811" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": 
"2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3812/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3812", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3812" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3477/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3477", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3477" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + 
"advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3521/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3521", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3521" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5860/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5860", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5860" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle 
MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0206/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0206", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0206" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0374/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0374", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0374" + }, + "ratings": [ 
+ { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4258/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4258", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4258" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + 
"bom-ref": "CVE-2014-4260/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4260", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4260" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0381/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0381", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0381" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } 
+ ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3805/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3805", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3805" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3809/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3809", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3809" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + 
"versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2434/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2434", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2434" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0384/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0384", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0384" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", 
\"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0412/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0412", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0412" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0420/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0420", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0420" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.", + 
"recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3291/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3291", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3291" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. 
CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3312/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3312", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3312" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. 
CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2568/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2568", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2568" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2571/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2571", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2571" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0204/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0204", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0204" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue.\tNOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": 
"Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4757/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4757", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4757" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4761/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4761", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4761" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": 
"unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4767/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4767", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4767" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5908/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5908", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5908" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", 
\"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0001/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0001", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0001" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10379/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10379", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10379" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10384/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10384", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10384" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0640/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0640", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0640" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0641/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0641" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": 
"CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0385/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0385", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0385" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0391/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0391", + 
"source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0391" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3464/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3464", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3464" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3600/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3600", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3600" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0511/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0511", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0511" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2305/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2305", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2305" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Integer overflow in the regcomp implementation in the 
Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10268/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10268", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10268" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10378/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10378", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10378" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4910/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4910", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4910" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4913/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4913", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4913" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle 
MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0386/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0386", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0386" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0393/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0393", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2014-0393" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2023-49803/pkg:npm/cors@2.8.5", + "id": "CVE-2023-49803", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49803" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "# Overly permissive origin policy\nCurrently, the middleware operates in a way that if an allowed origin is not provided, it will return an `Access-Control-Allow-Origin` header with the value of the origin from the request. 
This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy (SOP), this could cause a very serious security threat to the users of this middleware.\n\nIf such behavior is expected, for instance, when middleware is used exclusively for prototypes and not for production applications, it should be heavily emphasized in the documentation along with an indication of the risks associated with such behavior, as many users may not be aware of it.", + "recommendation": "Update to 5.0.0 or later", + "advisories": [ + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-qxrj-hx23-xp82" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/cors@2.8.5\"]" + }, + "affects": [ + { + "ref": "pkg:npm/cors@2.8.5", + "versions": [ + { + "version": "2.8.5", + "status": "affected" + }, + { + "version": "5.0.0", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0505/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0505" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + 
} + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0506/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0506", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0506" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2576/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2576", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2576" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ 
+ { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5615/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5615", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5615" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4858/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4858", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4858" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.", + "recommendation": "Update to 
5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4861/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4861", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4861" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2617/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2617", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2617" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect 
confidentiality, integrity, and availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2620/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2620", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2620" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6478/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6478", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6478" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": 
[], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6484/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6484", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6484" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3651/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3651", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3651" + }, + "ratings": [ + { + 
"score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3652/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3652", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3652" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2582/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2582", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2582" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2015-2611/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2611", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2611" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2639/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2639", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2639" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2641/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2641" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2643/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2643", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2643" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + 
], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4772/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4772", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4772" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0507/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0507", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0507" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + 
"version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0437/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0437", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0437" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4866/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4866", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4866" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + 
"affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4870/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4870", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4870" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0596/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0596", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0596" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.47-0.17.1 
or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0597/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0597", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0597" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0598/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0598", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0598" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 
5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2566/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2566", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2566" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2011-2262/pkg:npm/mysql@2.18.1", + "id": "CVE-2011-2262", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2262" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "Package updates are available for Amazon Linux that fix the following vulnerabilities:\nCVE-2012-0492:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783817: \nCVE-2012-0492 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0490:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783815: \nCVE-2012-0490 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0485:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783809: \nCVE-2012-0485 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0484:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783808: \nCVE-2012-0484 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality\n\nCVE-2012-0120:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783807: \nCVE-2012-0120 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0119:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783806: \nCVE-2012-0119 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0118:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783805: \nCVE-2012-0118 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability\n\nCVE-2012-0116:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783803: \nCVE-2012-0116 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and integrity\n\nCVE-2012-0115:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783802: \nCVE-2012-0115 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0114:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783801: \nCVE-2012-0114 mysql: Unspecified vulnerability allows local users to affect confidentiality and integrity\n\nCVE-2012-0113:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783800: \nCVE-2012-0113 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability\n\nCVE-2012-0112:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783799: \nCVE-2012-0112 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0101:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783797: \nCVE-2012-0101 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0087:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783795: \nCVE-2012-0087 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0075:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n\nCVE-2011-2262:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.", + "recommendation": "Update to 5.1.61 or later", + "advisories": [ + { + "title": "vendor", + "url": "https://rhn.redhat.com/errata/RHSA-2012:0105.html" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.1.61", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3641/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3641" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3648/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3648" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0402/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0402", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0402" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3238/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3238", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3238" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + 
"description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3243/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3243", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3243" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 4.4 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4240/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4240", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4240" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-18589/pkg:npm/cookie@0.5.0", + "id": "CVE-2017-18589", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18589" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [ + 20 + ], + "description": "# Improper Input Validation in 
cookie\nAffected versions of this crate use the time crate and the method Duration::seconds to parse the Max-Age duration cookie setting. This method will panic if the value is greater than 2^64/1000 and less than or equal to 2^64, which can result in denial of service for a client or server.\n\nThis flaw was corrected by explicitly checking for the Max-Age being in this integer range and clamping the value to the maximum duration value.\n\n## Related CVE(s)\nCVE-2017-18589, RUSTSEC-2017-0005", + "recommendation": "Update to 0.7.6 or later", + "advisories": [ + { + "title": "GitHub PR", + "url": "https://github.com/SergioBenitez/cookie-rs/pull/86" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/express@4.18.2\", \"pkg:npm/cookie@0.5.0\"]" + }, + "affects": [ + { + "ref": "pkg:npm/cookie@0.5.0", + "versions": [ + { + "version": "0.5.0", + "status": "affected" + }, + { + "version": "0.7.6", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Indirect dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3802/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3802", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3802" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": 
"affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3804/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3804", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3804" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0498/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0498", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0498" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", 
\"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0647/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0647", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0647" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0648/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0648" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect 
availability via vectors related to PS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0649/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0649", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0649" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-4316/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-4316", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4316" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + 
"description": "Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0616/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0616", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0616" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3615/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3615", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3615" + }, + "ratings": [ + { + 
"score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5440/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5440" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + 
{ + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-6662/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-6662", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6662" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3795/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3795", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3795" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier 
allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3796/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3796", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3796" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2020-14672/pkg:npm/mysql@2.18.1", + "id": "CVE-2020-14672", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14672" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + 
"cwes": [], + "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\nThe following packages have been upgraded to a later upstream version: mysql (8.0.26). (BZ#1996693)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "recommendation": "Update to 8.0.26 or later", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35629.json" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "8.0.26", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6530/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6530", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6530" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + 
}, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6469/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6469", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6469" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6491/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6491", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6491" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0401/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0401", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0401" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6568/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6568", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6568" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.", + "recommendation": 
"Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-8275/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-8275", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8275" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6559/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6559", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6559" + }, + "ratings": [ + { + 
"score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0432/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0432", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0432" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4243/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4243", + "source": { + 
"name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4243" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4815/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4815", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4815" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + 
] + }, + { + "bom-ref": "CVE-2015-4816/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4816", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4816" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0205/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0205", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0205" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": 
"pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0224/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0224", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0224" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5584/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5584", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5584" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote 
administrators to affect confidentiality via vectors related to Server: Security: Encryption.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4287/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4287", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4287" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0666/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0666", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0666" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + 
"description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-2047/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-2047", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2047" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"/CN=\" string in a field in a certificate, as demonstrated by \"/OU=/CN=bar.com/CN=foo.com.\"", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + 
"status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6551/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6551", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6551" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6555/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6555", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6555" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", 
\"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3462/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3462", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3462" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3463/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3463", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3463" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0608/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0608", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0608" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0609/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0609", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0609" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], 
+ "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3244/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3244", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3244" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3258/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3258", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3258" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3265/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3265", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3265" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0441/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0441", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0441" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0499/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0499", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0499" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0500/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0500", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0500" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2023-21977/pkg:npm/mysql@2.18.1", + "id": "CVE-2023-21977", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21977" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", 
+ "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://www.oracle.com/security-alerts/cpuapr2023.html" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2432/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2432", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2432" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + 
"status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3569/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3569", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3569" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.\tNOTE: this issue became relevant after the CVE-2014-3568 fix.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0409/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0409", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0409" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors 
related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0501/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0501", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0501" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0503/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0503", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0503" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and 
earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0382/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0382", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0382" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2440/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2440" + }, + "ratings": [ + { + "score": 5.0, + "severity": 
"medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2021-2478/pkg:npm/mysql@2.18.1", + "id": "CVE-2021-2478", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-2478" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MySQL is a multi-user, multi-threaded SQL database server. 
It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.30).\n\nSecurity Fix(es):\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607, CVE-2022-21301, CVE-2022-21413)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2021-2481, CVE-2021-35575, CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21253, CVE-2022-21254, CVE-2022-21264, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342, CVE-2022-21351, CVE-2022-21370, CVE-2022-21378, CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479, CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21569, CVE-2022-21265)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2021-35546, CVE-2022-21344, CVE-2022-21415)\n\n* mysql: Server: Error Handling unspecified vulnerability (CVE-2021-35596)\n\n* mysql: C API unspecified vulnerability (CVE-2021-35597)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2021-35602, CVE-2021-35630, CVE-2022-21515)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2021-35604, CVE-2022-21302, CVE-2022-21348, CVE-2022-21352, CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21517, CVE-2022-21537, CVE-2022-21539, CVE-2022-21423)\n\n* mysql: Server: Group Replication Plugin multiple unspecified vulnerabilities (CVE-2021-35608, CVE-2022-21256, CVE-2022-21379, 
CVE-2022-21454)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2021-35622, CVE-2022-21358, CVE-2022-21372, CVE-2022-21538)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2021-35624, CVE-2022-21245, CVE-2021-35625)\n\n* mysql: Server: GIS unspecified vulnerability (CVE-2021-35631)\n\n* mysql: Server: Data Dictionary unspecified vulnerability (CVE-2021-35632)\n\n* mysql: Server: PS unspecified vulnerability (CVE-2021-35637)\n\n* mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CVE-2021-35639, CVE-2022-21303, CVE-2022-21522, CVE-2022-21534)\n\n* mysql: Server: FTS multiple unspecified vulnerabilities (CVE-2021-35648, CVE-2022-21427)\n\n* mysql: Server: Federated multiple unspecified vulnerabilities (CVE-2022-21270, CVE-2022-21547)\n\n* mysql: Server: Parser unspecified vulnerability (CVE-2022-21304)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2022-21362, CVE-2022-21374)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2022-21367)\n\n* mysql: Server: Components Services unspecified vulnerability (CVE-2022-21368)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2022-21425, CVE-2022-21444, CVE-2021-35640, CVE-2022-21249)\n\n* mysql: Server: PAM Auth Plugin unspecified vulnerability (CVE-2022-21457)\n\n* mysql: Server: Logging multiple unspecified vulnerabilities (CVE-2022-21460, CVE-2021-35633)\n\n* mysql: Server: Security: Roles unspecified vulnerability (CVE-2021-35623)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Rebuild mecab due to change in the suffix (from .el8 to .el8.0.0) [Rocky Linux-8] (BZ#2110940)", + "recommendation": "Update to 8.0.30 or later", + "advisories": [ + { + "title": "vendor", + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2122604" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "8.0.30", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2419/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2419", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2419" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-1789/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-1789", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1789" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 
1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-1793/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-1793", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1793" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", 
+ "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6463/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6463", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6463" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6464/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6464", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6464" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": 
"affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0427/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0427", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0427" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3810/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3810", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3810" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + 
"ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3794/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3794", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3794" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4233/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4233", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4233" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + 
"detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4238/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4238", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4238" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6494/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6494", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6494" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than 
CVE-2014-6496.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6495/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6495", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6495" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6474/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6474", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6474" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote 
authenticated users to affect availability via vectors related to SERVER:MEMCACHED.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-7440/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-7440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7440" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0650/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0650", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0650" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0651/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0651", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0651" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0642/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0642", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0642" + }, + 
"ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0643/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0643", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0643" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + 
"bom-ref": "CVE-2014-4214/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4214", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4214" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0286/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0286", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0286" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + 
{ + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0288/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0288", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0288" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3309/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3309", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3309" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. 
Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3329/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3329", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3329" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0433/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0433", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0433" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5891/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5891", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5891" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL 
Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2573/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2573", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2573" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2435/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2435", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2435" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", 
+ "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2436/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2436", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2436" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0411/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0411", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-0411" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0423/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0423", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0423" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + 
"bom-ref": "CVE-2017-3453/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3453", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3453" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3456/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3456", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3456" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. 
Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3461/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3461", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3461" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3806/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3806", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3806" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3807/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3807", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3807" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + 
"description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3808/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3808", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3808" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3635/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3635", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2017-3635" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html,\thttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and\thttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3636/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3636", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3636" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4879/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4879", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4879" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4890/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4890", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4890" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6520/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6520", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6520" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0431/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0431", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0431" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0433/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0433", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0433" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0505/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0505", + "source": { + 
"name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0505" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0546/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0546", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0546" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client.\tNOTE: the previous information is from the January 2016 CPU. 
Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-0735/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-0735", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735" + }, + "ratings": [ + { + "score": 5.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [ + 327 + ], + "description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", + "recommendation": "", + "advisories": [ + { + "title": "Mailing List", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" + }, + { + "title": "vendor", + "url": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "title": "Debian Security", + "url": "https://www.debian.org/security/2018/dsa-4348" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3840-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4207/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4207", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4207" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2017-3653/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3653", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3653" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6489/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6489", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6489" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": 
"in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3318/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3318", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3318" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. 
CVSS v3.0 Base Score 4.0 (Confidentiality impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2430/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2430", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2430" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2431/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2431", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2431" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle 
MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0600/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0600", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0600" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0606/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0606", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0606" + }, 
+ "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0430/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0430", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0430" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + 
}, + { + "bom-ref": "CVE-2014-3571/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3571", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3571" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3572/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3572", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3572" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", 
\"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5881/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5881", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5881" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5882/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5882", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5882" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.", + "recommendation": "Update 
to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3801/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3801", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3801" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4769/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4769", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4769" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to 
affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4771/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4771", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4771" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6564/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6564", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6564" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0405/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0405", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0405" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3570/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3570", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3570" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5483/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5483", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5483" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "** REJECT **\tDO NOT USE THIS CANDIDATE NUMBER.\tConsultIDs: CVE-2017-3600.\tReason: This candidate is a reservation duplicate of CVE-2017-3600.\tNotes: All CVE users should reference CVE-2017-3600 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3302/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3302", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3302" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4830/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4830", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4830" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4833/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4833", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4833" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4836/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4836", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4836" + }, + "ratings": [ + { 
+ "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4895/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4895", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4895" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4904/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4904", + "source": { + "name": 
"NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4904" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4905/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4905", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4905" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2484/pkg:npm/mysql@2.18.1", + 
"id": "CVE-2014-2484", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2484" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2494/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2494", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2494" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3313/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3313", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3313" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3317/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3317", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3317" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. 
Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-9843/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-9843", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9843" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", + "recommendation": "Update to 5.5.62-0.39.18.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.62-0.39.18.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3133/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3133", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3133" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.62-0.39.18.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.62-0.39.18.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4752/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4752", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4752" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server 
: I_S.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4756/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4756", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4756" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0439.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4274/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4274", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4274" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 
and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4730/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4730", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4730" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4766/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4766", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4766" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": 
[], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4792/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4792", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4792" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3071/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3071", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2018-3071" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3725-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5894/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5894", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5894" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": 
"Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3305/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3305", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3305" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. 
Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, \"The Riddle\".", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3308/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3308", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3308" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-7744/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-7744", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7744" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0502/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0502", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0502" + }, + 
"ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-1861/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-1861", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1861" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } 
+ ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3783/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3783", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3783" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2648/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2648" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": 
"affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2661/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2661", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2661" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6496/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6496", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6496" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": 
[ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0438/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0438", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0438" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0439/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0439", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0439" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": 
"in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6505/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6505" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6507/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6507", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6507" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via 
vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2438/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2438", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2438" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4819/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4819", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4819" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and 
earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4826/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4826", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4826" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4800/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4800", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4800" + }, + "ratings": [ + { + "score": 5.0, + "severity": 
"medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4802/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4802", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4802" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3793/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3793", + 
"source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3793" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-3152/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-3152", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3152" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a \"BACKRONYM\" attack.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + 
"properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4737/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4737", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4737" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + } + ] +} \ No newline at end of file diff --git a/server/reports/report_20231220092545798.json b/server/reports/report_20231220092545798.json new file mode 100644 index 000000000..86efdec4f --- /dev/null +++ b/server/reports/report_20231220092545798.json 
@@ -0,0 +1,15601 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:fb9dc29f-7ac5-4175-8e11-55b34b69f6f3", + "version": 2, + "metadata": { + "timestamp": "2023-12-20T09:25:42.586Z", + "tools": { + "components": [ + { + "group": "@cyclonedx", + "name": "cdxgen", + "version": "9.9.6", + "purl": "pkg:npm/%40cyclonedx/cdxgen@9.9.6", + "type": "application", + "bom-ref": "pkg:npm/@cyclonedx/cdxgen@9.9.6", + "author": "OWASP Foundation", + "publisher": "OWASP Foundation" + }, + { + "type": "application", + "name": "owasp-depscan", + "version": "5.0.4", + "purl": "pkg:pypi/owasp-depscan@5.0.4", + "bom-ref": "pkg:pypi/owasp-depscan@5.0.4" + } + ] + }, + "authors": [ + { + "name": "OWASP Foundation" + } + ], + "component": { + "author": "", + "group": "", + "name": "server", + "version": "1.0.0", + "type": "application", + "purl": "pkg:npm/server@1.0.0", + "bom-ref": "pkg:npm/server@1.0.0", + "components": [] + } + }, + "components": [ + { + "group": "", + "name": "cors", + "version": "2.8.5", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "2881db2c9aaeef7446aff8676eb3bdb817a2c4d1aebd2423ba5fe3745bd2fca152207d615957759e0ef3387c7e62b11f2272c6eeae27e861d0f5c0edc6ffcfea" + } + ], + "purl": "pkg:npm/cors@2.8.5", + "type": "library", + "bom-ref": "pkg:npm/cors@2.8.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "cors" + } + ] + }, + { + "group": "", + "name": "object-assign", + "version": "4.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac98134279149c7d6c170f324fa552537cc3dec5a6bbab19848b1e63c557f8646edcfe85ec5bbe24d0e85df9251256cb2529dcdc55101d57b8714e618fe05c52" + } + ], + "purl": "pkg:npm/object-assign@4.1.1", + "type": "library", + "bom-ref": "pkg:npm/object-assign@4.1.1", + "properties": [ + { + "name": "SrcFile", + "value": 
"/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "vary", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" + } + ], + "purl": "pkg:npm/vary@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/vary@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "express", + "version": "4.18.2", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7f3ec2fa8863dd7d0fe528cd54ba27a5620bf7054a097f3d5a53053dbc767e27b832bf07505c510120421ac5e19fd0621cade013372044c6d6a58ac0dbb8ca9" + } + ], + "purl": "pkg:npm/express@4.18.2", + "type": "framework", + "bom-ref": "pkg:npm/express@4.18.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "express" + } + ] + }, + { + "group": "", + "name": "accepts", + "version": "1.3.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "type": "library", + "bom-ref": "pkg:npm/accepts@1.3.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime-types", + "version": "2.1.35", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" + } + ], + "purl": 
"pkg:npm/mime-types@2.1.35", + "type": "library", + "bom-ref": "pkg:npm/mime-types@2.1.35", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime-db", + "version": "1.52.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "type": "library", + "bom-ref": "pkg:npm/mime-db@1.52.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "negotiator", + "version": "0.6.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "type": "library", + "bom-ref": "pkg:npm/negotiator@0.6.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "array-flatten", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/array-flatten@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "body-parser", + "version": "1.20.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"8d68bb69b4db6306a33b2b56090737ed5ba599689169ee51c93a5a0b20dc4b9fe531db704b3e653a90c4ebbb2bc3f1d87b7e5fd73ddf0d0c3ededc60ee036d5b" + } + ], + "purl": "pkg:npm/body-parser@1.20.1", + "type": "library", + "bom-ref": "pkg:npm/body-parser@1.20.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "bytes", + "version": "3.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "type": "library", + "bom-ref": "pkg:npm/bytes@3.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "content-type", + "version": "1.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "type": "library", + "bom-ref": "pkg:npm/content-type@1.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "debug", + "version": "2.6.9", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "purl": "pkg:npm/debug@2.6.9", + "type": "library", + "bom-ref": "pkg:npm/debug@2.6.9", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": "2.0.0", + 
"scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "purl": "pkg:npm/ms@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/ms@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "depd", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" + } + ], + "purl": "pkg:npm/depd@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/depd@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "destroy", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/destroy@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "http-errors", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/http-errors@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "inherits", + "version": "2.0.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "93fbc6697e3f6256b75b3c8c0af4d039761e207bea38ab67a8176ecd31e9ce9419cc0b2428c859d8af849c189233dcc64a820578ca572b16b8758799210a9ec1" + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "type": "library", + "bom-ref": "pkg:npm/inherits@2.0.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "setprototypeof", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/setprototypeof@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "statuses", + "version": "2.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "type": "library", + "bom-ref": "pkg:npm/statuses@2.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "toidentifier", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/toidentifier@1.0.1", + "properties": [ + { + "name": "SrcFile", + 
"value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "iconv-lite", + "version": "0.4.24", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "type": "library", + "bom-ref": "pkg:npm/iconv-lite@0.4.24", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "safer-buffer", + "version": "2.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "type": "library", + "bom-ref": "pkg:npm/safer-buffer@2.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "on-finished", + "version": "2.4.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "type": "library", + "bom-ref": "pkg:npm/on-finished@2.4.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ee-first", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" + } + ], + "purl": 
"pkg:npm/ee-first@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/ee-first@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "qs", + "version": "6.11.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" + } + ], + "purl": "pkg:npm/qs@6.11.0", + "type": "library", + "bom-ref": "pkg:npm/qs@6.11.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "side-channel", + "version": "1.0.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab95cfcada85108287906762308ad8d749af2d1be7421e36ffe1a8065156ddbd8b5cb136c71269645766f78c1ed016a85774702721aa839c12edea714efd19bf" + } + ], + "purl": "pkg:npm/side-channel@1.0.4", + "type": "library", + "bom-ref": "pkg:npm/side-channel@1.0.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "call-bind", + "version": "1.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b79d0c5f159c45455a09a0628a23ccb730e128d76f4d43e160434f22c9ef8c938ccd65919d8dfb34e9b553afe0c14a503ae90d9511c3248bf71408fe127ab71" + } + ], + "purl": "pkg:npm/call-bind@1.0.5", + "type": "library", + "bom-ref": "pkg:npm/call-bind@1.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "function-bind", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" + } + ], + "purl": "pkg:npm/function-bind@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/function-bind@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "get-intrinsic", + "version": "1.2.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d204a8e2697fd23f7c637967824144a2dff386209e5ac6d822567eb993958332f22da530ef0c542fe9c24cfd1726f260d405ee949448dd4262f06b1b0eec5d18" + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.2", + "type": "library", + "bom-ref": "pkg:npm/get-intrinsic@1.2.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-proto", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "eea13e88ff8ef9b805f5c944e7e528045cc4eb99a5062563ded282ae5350d0e8309b4063a53fe02b84a52d80ccc9b0e1e48dd30932a73cf6b4a0c1bb24362b86" + } + ], + "purl": "pkg:npm/has-proto@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/has-proto@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-symbols", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/has-symbols@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + 
"name": "hasown", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd4a6d2954e920985c7332816e09d2f91b5cb98301f3ea0dccf2b6fc7a7785a9f3f099a90137669a02e049a69d5511240e6f9eda0887c18dd9464ca34880c314" + } + ], + "purl": "pkg:npm/hasown@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/hasown@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "set-function-length", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5686aa8db0492a25ad838c9170a050ee0ef09c69cb57733ca0bbd55b03a4d8f75863a3c415e811d6f7b35d1d2dc3a7d9185f5cb156a42118eb262cb6bde48115" + } + ], + "purl": "pkg:npm/set-function-length@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/set-function-length@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "define-data-property", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "13bb86913ce49357740722de49ce99b054bbf40c60fa6d4ffd5b2062cc47822b9cded1528fe323308c1ef74142e25380673341758ee490ed8fdb029db10d6f81" + } + ], + "purl": "pkg:npm/define-data-property@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/define-data-property@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "gopd", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" + } + ], + "purl": "pkg:npm/gopd@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/gopd@1.0.1", + "properties": [ + { + "name": 
"SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-property-descriptors", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "56c5fc79a21ec2f6acd319ef8a701ef5bc3859f21e383a466229225982c7f9d99ad09c3a28762a5a259f8509603952bc0fa3ef8ee6cae547383f488884870d56" + } + ], + "purl": "pkg:npm/has-property-descriptors@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/has-property-descriptors@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "object-inspect", + "version": "1.13.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" + } + ], + "purl": "pkg:npm/object-inspect@1.13.1", + "type": "library", + "bom-ref": "pkg:npm/object-inspect@1.13.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "raw-body", + "version": "2.5.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa241b44c95812d1998f19d0853d627716b7a8aaf1b83154259ff902805ece96af7921b3a9d3f056c8cc1b76d9f8553be433c63b921090d97824fed72b0978a" + } + ], + "purl": "pkg:npm/raw-body@2.5.1", + "type": "library", + "bom-ref": "pkg:npm/raw-body@2.5.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "unpipe", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/unpipe@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "type-is", + "version": "1.6.18", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "type": "library", + "bom-ref": "pkg:npm/type-is@1.6.18", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "media-typer", + "version": "0.3.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "type": "library", + "bom-ref": "pkg:npm/media-typer@0.3.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "content-disposition", + "version": "0.5.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "type": "library", + "bom-ref": "pkg:npm/content-disposition@0.5.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + 
"name": "safe-buffer", + "version": "5.2.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "type": "library", + "bom-ref": "pkg:npm/safe-buffer@5.2.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "cookie", + "version": "0.5.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "619dc65329ffa3c81f289967957ee0ef1ab88323ba392ba118f29a686b2c181daa803512d203e0b53be8c992d3b7d01be9d0b885f73d755e5aae4bdcfce0a6af" + } + ], + "purl": "pkg:npm/cookie@0.5.0", + "type": "library", + "bom-ref": "pkg:npm/cookie@0.5.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "cookie-signature", + "version": "1.0.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "type": "library", + "bom-ref": "pkg:npm/cookie-signature@1.0.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "encodeurl", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/encodeurl@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": 
"/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "escape-html", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/escape-html@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "etag", + "version": "1.8.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" + } + ], + "purl": "pkg:npm/etag@1.8.1", + "type": "library", + "bom-ref": "pkg:npm/etag@1.8.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "finalhandler", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/finalhandler@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "parseurl", + "version": "1.3.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "type": "library", + 
"bom-ref": "pkg:npm/parseurl@1.3.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fresh", + "version": "0.5.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "type": "library", + "bom-ref": "pkg:npm/fresh@0.5.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "merge-descriptors", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/merge-descriptors@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "methods", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" + } + ], + "purl": "pkg:npm/methods@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/methods@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "path-to-regexp", + "version": "0.1.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "type": "library", + "bom-ref": "pkg:npm/path-to-regexp@0.1.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "proxy-addr", + "version": "2.0.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "type": "library", + "bom-ref": "pkg:npm/proxy-addr@2.0.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "forwarded", + "version": "0.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "type": "library", + "bom-ref": "pkg:npm/forwarded@0.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ipaddr.js", + "version": "1.9.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "type": "library", + "bom-ref": "pkg:npm/ipaddr.js@1.9.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": 
"range-parser", + "version": "1.2.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "type": "library", + "bom-ref": "pkg:npm/range-parser@1.2.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "send", + "version": "0.18.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" + } + ], + "purl": "pkg:npm/send@0.18.0", + "type": "library", + "bom-ref": "pkg:npm/send@0.18.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": "2.1.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e85973b9b4cb646dc9d9afcd542025784863ceae68c601f268253dc985ef70bb2fa1568726afece715c8ebf5d73fab73ed1f7100eb479d23bfb57b45dd645394" + } + ], + "purl": "pkg:npm/ms@2.1.3", + "type": "library", + "bom-ref": "pkg:npm/ms@2.1.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime", + "version": "1.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" + } + ], + "purl": "pkg:npm/mime@1.6.0", + "type": "library", + "bom-ref": "pkg:npm/mime@1.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study 
Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "serve-static", + "version": "1.15.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "type": "library", + "bom-ref": "pkg:npm/serve-static@1.15.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "utils-merge", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/utils-merge@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fs", + "version": "0.0.1-security", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd763d7b5a4fd02544502763e4199f219c51053483c9c9dbaa120e19e73d418b66547d9f6cba63f3a0855a4acd3a4b7f16fb72e0a646e654e094bf63fe027cef" + } + ], + "purl": "pkg:npm/fs@0.0.1-security", + "type": "library", + "bom-ref": "pkg:npm/fs@0.0.1-security", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "fs" + } + ] + }, + { + "group": "", + "name": "multer", + "version": "1.4.5-lts.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb03d6bdc0cc787fb3f6042ae6a607082cbe7ad86c9388287a9678e462c3eb77cebb461c35e710c62eb89c3b37aa5b9907e9aeac6dff0f8749efe74672d70241" + } + ], + 
"purl": "pkg:npm/multer@1.4.5-lts.1", + "type": "library", + "bom-ref": "pkg:npm/multer@1.4.5-lts.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "append-field", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "925a6015258b5b5644b3cb2f8df6fb838a96634612e62988f3675383e41a854bc9f18a806343f5d1493cb53ca1f591ae60464431a789602179045b97e79da1b3" + } + ], + "purl": "pkg:npm/append-field@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/append-field@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "busboy", + "version": "1.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f121506e0ff4850f71cb750d4c1d18127b0d05b59f85fed1b67ce92fb4e40624c145fad0f45c5c9f3ed526c95e269ca9eab54bbd78ae391aa39478b9abe3d8b8" + } + ], + "purl": "pkg:npm/busboy@1.6.0", + "type": "library", + "bom-ref": "pkg:npm/busboy@1.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "streamsearch", + "version": "1.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "31c739c077a1a7d697cf56b1e9b654c98e5a7e0f6edabbf972a408de646b624182f2b5b684cd368d6bb08ed2fef8b4b9aa29d2ca18f641f2f236cb9cf95b04c6" + } + ], + "purl": "pkg:npm/streamsearch@1.1.0", + "type": "library", + "bom-ref": "pkg:npm/streamsearch@1.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "concat-stream", + "version": "1.6.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"dbb1c18212718e266d224dd872f9ffe246c993fd6e66e2457ee3c49ece8b684be9bc6d5fd214de6bc96296ba2eca8f6655cd8659d70467c38ba0699200396b0b" + } + ], + "purl": "pkg:npm/concat-stream@1.6.2", + "type": "library", + "bom-ref": "pkg:npm/concat-stream@1.6.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "buffer-from", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" + } + ], + "purl": "pkg:npm/buffer-from@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/buffer-from@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "readable-stream", + "version": "2.3.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" + } + ], + "purl": "pkg:npm/readable-stream@2.3.8", + "type": "library", + "bom-ref": "pkg:npm/readable-stream@2.3.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "safe-buffer", + "version": "5.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" + } + ], + "purl": "pkg:npm/safe-buffer@5.1.2", + "type": "library", + "bom-ref": "pkg:npm/safe-buffer@5.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "core-util-is", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" + } + ], + "purl": "pkg:npm/core-util-is@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/core-util-is@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "isarray", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" + } + ], + "purl": "pkg:npm/isarray@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/isarray@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "process-nextick-args", + "version": "2.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" + } + ], + "purl": "pkg:npm/process-nextick-args@2.0.1", + "type": "framework", + "bom-ref": "pkg:npm/process-nextick-args@2.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "string_decoder", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" + } + ], + "purl": "pkg:npm/string_decoder@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/string_decoder@1.1.1", + 
"properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "util-deprecate", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f0f9ab5b97c85c49a42acb9c27359c79eade039ae83641a1c008888d93692080ed5089d5424331a802cc891736c5187c3d5d68afff2d3110f318886eb1ed73" + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/util-deprecate@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "typedarray", + "version": "0.0.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fda0831066ad1af67604893e1e62dfe227c2245c2f28535bf7f25e64f32e95f805ada727f5015c01fe463bc07f9b07948d2a1b952e489f471686aa5fb3fe4f40" + } + ], + "purl": "pkg:npm/typedarray@0.0.6", + "type": "library", + "bom-ref": "pkg:npm/typedarray@0.0.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mkdirp", + "version": "0.5.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" + } + ], + "purl": "pkg:npm/mkdirp@0.5.6", + "type": "library", + "bom-ref": "pkg:npm/mkdirp@0.5.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "minimist", + "version": "1.2.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "db2c8047ca8190ddd8ba17896a7529582e54ddb6f9a2c0f2c0d07c4730d5943c031dba1c009bdeaaa8f5bbcf92543ee39164f8cafb070a95aaa96a80c5bd3308" + } + ], + 
"purl": "pkg:npm/minimist@1.2.8", + "type": "library", + "bom-ref": "pkg:npm/minimist@1.2.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "xtend", + "version": "4.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "2ca614d620172575200179fd5118e2bbe3168725171ecbdfa7b99cb989bd75250a2b4fc28edad4c050310fcdbf98259bb4bb068c521a774c08b28778ceb4c011" + } + ], + "purl": "pkg:npm/xtend@4.0.2", + "type": "library", + "bom-ref": "pkg:npm/xtend@4.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mysql", + "version": "2.18.1", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "05c6be824d985a6aa9d947fa93934512eaf063fd2d77472979b02e705a58ff78e1af0ad51aec54dae4050878d4d7d4897e37b4c90be2fab55676aefc851e658a" + } + ], + "purl": "pkg:npm/mysql@2.18.1", + "type": "library", + "bom-ref": "pkg:npm/mysql@2.18.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "mysql" + } + ] + }, + { + "group": "", + "name": "readable-stream", + "version": "2.3.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "11b868f0ae2321b1c0c67bb18bba38d8ead9805fd94cd72c663ea744ac949a484b16af021c8b69fdfcba85066e6663ff9f7c99f550546e9e33cff997f219983f" + } + ], + "purl": "pkg:npm/readable-stream@2.3.7", + "type": "library", + "bom-ref": "pkg:npm/readable-stream@2.3.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "bignumber.js", + "version": "9.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + 
"content": "b7f398861276483f9818141c8d8f06cf30c7124f5fde77abc63b5f6bab653177deedfaecfd6a3386f08da06be93343f76cd7f71aae5944c946af97f7af8fcdf0" + } + ], + "purl": "pkg:npm/bignumber.js@9.0.0", + "type": "library", + "bom-ref": "pkg:npm/bignumber.js@9.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "sqlstring", + "version": "2.3.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2803387feddc481b9fae0e2935cff45dd6f962d3edfc8b36611b349adf817047b21b7a53d608229234897c8e52ff17b111bf2f020768cd78cd44f62f665cc01" + } + ], + "purl": "pkg:npm/sqlstring@2.3.1", + "type": "library", + "bom-ref": "pkg:npm/sqlstring@2.3.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "nodemon", + "version": "3.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f6a20dd8b353ac4ce938f05a5874e6e00b32d4bc572d289c9194ad010e0865eef3b282290ff03b2d6c61655dede19bb7e76b8172a56746c0d748c47649cde54c" + } + ], + "purl": "pkg:npm/nodemon@3.0.2", + "type": "library", + "bom-ref": "pkg:npm/nodemon@3.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "debug", + "version": "4.3.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" + } + ], + "purl": "pkg:npm/debug@4.3.4", + "type": "library", + "bom-ref": "pkg:npm/debug@4.3.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": 
"2.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "purl": "pkg:npm/ms@2.1.2", + "type": "library", + "bom-ref": "pkg:npm/ms@2.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "chokidar", + "version": "3.5.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ebdec7ca44fea84dc8dfd8999498525f79532f5c175e83107489543979bd95d74b852540804bc381c9975503255bf315cdcf71a38d3823f642d6b194ea13a93" + } + ], + "purl": "pkg:npm/chokidar@3.5.3", + "type": "library", + "bom-ref": "pkg:npm/chokidar@3.5.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "anymatch", + "version": "3.1.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" + } + ], + "purl": "pkg:npm/anymatch@3.1.3", + "type": "library", + "bom-ref": "pkg:npm/anymatch@3.1.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "normalize-path", + "version": "3.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9e66ce4bb375ad0a2b075a9f52d86532f1daa4a468b80554b3dc66aa884e9ecee6f4e75d844b3b57530501e82e8829b4246363e76ff983e166288c24707302c" + } + ], + "purl": "pkg:npm/normalize-path@3.0.0", + "type": "library", + "bom-ref": "pkg:npm/normalize-path@3.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study 
Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "picomatch", + "version": "2.3.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "254ded7874cd8e6136542185cee63c117cc20d5c04a81d9af1fb08bf0692b4784058911e55dd68d500fcd0253af997445d748b6d2b2e2f0263902056a9141454" + } + ], + "purl": "pkg:npm/picomatch@2.3.1", + "type": "library", + "bom-ref": "pkg:npm/picomatch@2.3.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "braces", + "version": "3.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fcba6f8bd51cccdd60d2cef866ea0233d727d36c1b7a61395c10a02fb26a82659170e3acfadba9558fd8f5c843d6df71f91fe94142964c3f593c97eefc1dad0" + } + ], + "purl": "pkg:npm/braces@3.0.2", + "type": "library", + "bom-ref": "pkg:npm/braces@3.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fill-range", + "version": "7.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" + } + ], + "purl": "pkg:npm/fill-range@7.0.1", + "type": "library", + "bom-ref": "pkg:npm/fill-range@7.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "to-regex-range", + "version": "5.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" + } + ], + "purl": "pkg:npm/to-regex-range@5.0.1", + "type": "library", + "bom-ref": 
"pkg:npm/to-regex-range@5.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-number", + "version": "7.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" + } + ], + "purl": "pkg:npm/is-number@7.0.0", + "type": "library", + "bom-ref": "pkg:npm/is-number@7.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "glob-parent", + "version": "5.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "type": "library", + "bom-ref": "pkg:npm/glob-parent@5.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-glob", + "version": "4.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e9526b21c7dfa66013b6568658bba56df884d6cd97c3a3bf92959a4243e2105d0f7b61f137e4f6f61ab0b33e99758e6611648197f184b4a7af046be1e9524a" + } + ], + "purl": "pkg:npm/is-glob@4.0.3", + "type": "library", + "bom-ref": "pkg:npm/is-glob@4.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-extglob", + "version": "2.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" + } + ], + "purl": "pkg:npm/is-extglob@2.1.1", + "type": "library", + "bom-ref": "pkg:npm/is-extglob@2.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-binary-path", + "version": "2.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" + } + ], + "purl": "pkg:npm/is-binary-path@2.1.0", + "type": "library", + "bom-ref": "pkg:npm/is-binary-path@2.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "binary-extensions", + "version": "2.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "8c372d27f21541b6682729287876e15e93a5341a8635cc1724a268838d84e470cf53041349d8c21dd8a18e3d0396785e43b6e56d3e9d1ce69f340892f28a1028" + } + ], + "purl": "pkg:npm/binary-extensions@2.2.0", + "type": "library", + "bom-ref": "pkg:npm/binary-extensions@2.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "readdirp", + "version": "3.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" + } + ], + "purl": "pkg:npm/readdirp@3.6.0", + "type": "library", + "bom-ref": "pkg:npm/readdirp@3.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "fsevents", + "version": "2.3.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" + } + ], + "purl": "pkg:npm/fsevents@2.3.3", + "type": "library", + "bom-ref": "pkg:npm/fsevents@2.3.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ignore-by-default", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "22eb36558706364ed3f740a9a49a9c2244b9a281d46722102be0a565f31f30d14417d55213bdc5abef74eaefc25aef76c7883364c58ec1f1587243ce6f37446c" + } + ], + "purl": "pkg:npm/ignore-by-default@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/ignore-by-default@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "minimatch", + "version": "3.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "type": "library", + "bom-ref": "pkg:npm/minimatch@3.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "brace-expansion", + "version": "1.1.11", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "type": "library", + "bom-ref": "pkg:npm/brace-expansion@1.1.11", + "properties": [ + { 
+ "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "balanced-match", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" + } + ], + "purl": "pkg:npm/balanced-match@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/balanced-match@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "concat-map", + "version": "0.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" + } + ], + "purl": "pkg:npm/concat-map@0.0.1", + "type": "library", + "bom-ref": "pkg:npm/concat-map@0.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "pstree.remy", + "version": "1.1.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "efb0d9c31426c4a9eedda479e3653e5fc172a4dcdb7c9f82e57403937b968d6c67eb5e75688306b615984574ea4f5139a09be0fa58da6b63898be55fbc2390f3" + } + ], + "purl": "pkg:npm/pstree.remy@1.1.8", + "type": "library", + "bom-ref": "pkg:npm/pstree.remy@1.1.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "semver", + "version": "7.5.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5b09211257a3effa2db51efa71a770f1fa9483f2520fb7cb958d1af1014b7f9dbb3061cfad2ba6366ed8942e3778f9f9ead793d7fa7a900c2ece7eded693070" + } + ], + "purl": 
"pkg:npm/semver@7.5.4", + "type": "library", + "bom-ref": "pkg:npm/semver@7.5.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "lru-cache", + "version": "6.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "268e9d274e029928eece7c09492de951e5a677f1f47df4e59175e0c198be7aad540a6a90c0287e78bb183980b063df758b615a878875044302c78a938466ec88" + } + ], + "purl": "pkg:npm/lru-cache@6.0.0", + "type": "library", + "bom-ref": "pkg:npm/lru-cache@6.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "yallist", + "version": "4.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "df074689d672ab93c1d3ce172c44b94e9392440df08d7025216321ba6da445cbffe354a7d9e990d1dc9c416e2e6572de8f02af83a12cbdb76554bf8560472dec" + } + ], + "purl": "pkg:npm/yallist@4.0.0", + "type": "library", + "bom-ref": "pkg:npm/yallist@4.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "simple-update-notifier", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b607d6342a535797dbbfbec5bab1322ef6f184a5f2aedb0455ea5d47dd711ab3fd20508cc6cc1a0ffc8a2e4dc5106e6f495992c7dc23b1ca7d374d89456b1eb" + } + ], + "purl": "pkg:npm/simple-update-notifier@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/simple-update-notifier@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "supports-color", + "version": "5.5.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "type": "library", + "bom-ref": "pkg:npm/supports-color@5.5.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-flag", + "version": "3.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "type": "library", + "bom-ref": "pkg:npm/has-flag@3.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "touch", + "version": "3.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "581c7c532e532ed39246d22af8cd37fec283ad708b1f1c0372ab923f6738dcb7b4dfff6c7ab8d0048ced8d1cfa16425ecfd0ff8657b20174c118bc30654c3d94" + } + ], + "purl": "pkg:npm/touch@3.1.0", + "type": "library", + "bom-ref": "pkg:npm/touch@3.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "nopt", + "version": "1.0.10", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3569a9bcb4aa52b82b002f470aec44bdbf8f4a5a07a6a56ef85a9c3b879e176879a9846103b7afe8abde9724002ad7a051b0ba472a499e510e85df2f96834a62" + } + ], + "purl": "pkg:npm/nopt@1.0.10", + "type": "library", + "bom-ref": "pkg:npm/nopt@1.0.10", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "abbrev", + "version": "1.1.1", + 
"scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e77bdfc8890fe1cc8858ea97439db06dcfb0e33d32ab634d0fff3bcf4a6e69385925eb1b86ac69d79ff56d4cd35f36d01f67dff546d7a192ccd4f6a7138a2d1" + } + ], + "purl": "pkg:npm/abbrev@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/abbrev@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "undefsafe", + "version": "2.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5b138d0abb2c04cf1348f46a379126b2356bb2fe00f17d7627802b06289acafdc3cb21b7665220eb2cacbae498759b15cf74ca7138367ddfff52377808757588" + } + ], + "purl": "pkg:npm/undefsafe@2.0.5", + "type": "library", + "bom-ref": "pkg:npm/undefsafe@2.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + } + ], + "services": [], + "dependencies": [ + { + "ref": "pkg:npm/object-assign@4.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/vary@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/cors@2.8.5", + "dependsOn": [ + "pkg:npm/object-assign@4.1.1", + "pkg:npm/vary@1.1.2" + ] + }, + { + "ref": "pkg:npm/mime-db@1.52.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mime-types@2.1.35", + "dependsOn": [ + "pkg:npm/mime-db@1.52.0" + ] + }, + { + "ref": "pkg:npm/negotiator@0.6.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/accepts@1.3.8", + "dependsOn": [ + "pkg:npm/mime-types@2.1.35", + "pkg:npm/negotiator@0.6.3" + ] + }, + { + "ref": "pkg:npm/array-flatten@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/bytes@3.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/content-type@1.0.5", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/debug@2.6.9", + "dependsOn": [ + "pkg:npm/ms@2.0.0" + ] + }, + { + "ref": "pkg:npm/depd@2.0.0", + "dependsOn": [] + }, + { + 
"ref": "pkg:npm/destroy@1.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/inherits@2.0.4", + "dependsOn": [] + }, + { + "ref": "pkg:npm/setprototypeof@1.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/statuses@2.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/toidentifier@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/http-errors@2.0.0", + "dependsOn": [ + "pkg:npm/depd@2.0.0", + "pkg:npm/inherits@2.0.4", + "pkg:npm/setprototypeof@1.2.0", + "pkg:npm/statuses@2.0.1", + "pkg:npm/toidentifier@1.0.1" + ] + }, + { + "ref": "pkg:npm/safer-buffer@2.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/iconv-lite@0.4.24", + "dependsOn": [ + "pkg:npm/safer-buffer@2.1.2" + ] + }, + { + "ref": "pkg:npm/ee-first@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/on-finished@2.4.1", + "dependsOn": [ + "pkg:npm/ee-first@1.1.1" + ] + }, + { + "ref": "pkg:npm/function-bind@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/has-proto@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/has-symbols@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/hasown@2.0.0", + "dependsOn": [ + "pkg:npm/function-bind@1.1.2" + ] + }, + { + "ref": "pkg:npm/get-intrinsic@1.2.2", + "dependsOn": [ + "pkg:npm/function-bind@1.1.2", + "pkg:npm/has-proto@1.0.1", + "pkg:npm/has-symbols@1.0.3", + "pkg:npm/hasown@2.0.0" + ] + }, + { + "ref": "pkg:npm/gopd@1.0.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2" + ] + }, + { + "ref": "pkg:npm/has-property-descriptors@1.0.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2" + ] + }, + { + "ref": "pkg:npm/define-data-property@1.1.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/gopd@1.0.1", + "pkg:npm/has-property-descriptors@1.0.1" + ] + }, + { + "ref": "pkg:npm/set-function-length@1.1.1", + "dependsOn": [ + "pkg:npm/define-data-property@1.1.1", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/gopd@1.0.1", + "pkg:npm/has-property-descriptors@1.0.1" + ] + }, + { + "ref": "pkg:npm/call-bind@1.0.5", + "dependsOn": [ + 
"pkg:npm/function-bind@1.1.2", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/set-function-length@1.1.1" + ] + }, + { + "ref": "pkg:npm/object-inspect@1.13.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/side-channel@1.0.4", + "dependsOn": [ + "pkg:npm/call-bind@1.0.5", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/object-inspect@1.13.1" + ] + }, + { + "ref": "pkg:npm/qs@6.11.0", + "dependsOn": [ + "pkg:npm/side-channel@1.0.4" + ] + }, + { + "ref": "pkg:npm/unpipe@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/raw-body@2.5.1", + "dependsOn": [ + "pkg:npm/bytes@3.1.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/iconv-lite@0.4.24", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/media-typer@0.3.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/type-is@1.6.18", + "dependsOn": [ + "pkg:npm/media-typer@0.3.0", + "pkg:npm/mime-types@2.1.35" + ] + }, + { + "ref": "pkg:npm/body-parser@1.20.1", + "dependsOn": [ + "pkg:npm/bytes@3.1.2", + "pkg:npm/content-type@1.0.5", + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/destroy@1.2.0", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/iconv-lite@0.4.24", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/qs@6.11.0", + "pkg:npm/raw-body@2.5.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/safe-buffer@5.2.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/content-disposition@0.5.4", + "dependsOn": [ + "pkg:npm/safe-buffer@5.2.1" + ] + }, + { + "ref": "pkg:npm/cookie@0.5.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/cookie-signature@1.0.6", + "dependsOn": [] + }, + { + "ref": "pkg:npm/encodeurl@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/escape-html@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/etag@1.8.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/parseurl@1.3.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/finalhandler@1.2.0", + "dependsOn": [ + "pkg:npm/debug@2.6.9", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/on-finished@2.4.1", + 
"pkg:npm/parseurl@1.3.3", + "pkg:npm/statuses@2.0.1", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/fresh@0.5.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/merge-descriptors@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/methods@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/path-to-regexp@0.1.7", + "dependsOn": [] + }, + { + "ref": "pkg:npm/forwarded@0.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ipaddr.js@1.9.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/proxy-addr@2.0.7", + "dependsOn": [ + "pkg:npm/forwarded@0.2.0", + "pkg:npm/ipaddr.js@1.9.1" + ] + }, + { + "ref": "pkg:npm/range-parser@1.2.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.1.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mime@1.6.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/send@0.18.0", + "dependsOn": [ + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/destroy@1.2.0", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/etag@1.8.1", + "pkg:npm/fresh@0.5.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/mime@1.6.0", + "pkg:npm/ms@2.1.3", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/range-parser@1.2.1", + "pkg:npm/statuses@2.0.1" + ] + }, + { + "ref": "pkg:npm/serve-static@1.15.0", + "dependsOn": [ + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/parseurl@1.3.3", + "pkg:npm/send@0.18.0" + ] + }, + { + "ref": "pkg:npm/utils-merge@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/express@4.18.2", + "dependsOn": [ + "pkg:npm/accepts@1.3.8", + "pkg:npm/array-flatten@1.1.1", + "pkg:npm/body-parser@1.20.1", + "pkg:npm/content-disposition@0.5.4", + "pkg:npm/content-type@1.0.5", + "pkg:npm/cookie-signature@1.0.6", + "pkg:npm/cookie@0.5.0", + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/etag@1.8.1", + "pkg:npm/finalhandler@1.2.0", + "pkg:npm/fresh@0.5.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/merge-descriptors@1.0.1", + 
"pkg:npm/methods@1.1.2", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/parseurl@1.3.3", + "pkg:npm/path-to-regexp@0.1.7", + "pkg:npm/proxy-addr@2.0.7", + "pkg:npm/qs@6.11.0", + "pkg:npm/range-parser@1.2.1", + "pkg:npm/safe-buffer@5.2.1", + "pkg:npm/send@0.18.0", + "pkg:npm/serve-static@1.15.0", + "pkg:npm/setprototypeof@1.2.0", + "pkg:npm/statuses@2.0.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/utils-merge@1.0.1", + "pkg:npm/vary@1.1.2" + ] + }, + { + "ref": "pkg:npm/fs@0.0.1-security", + "dependsOn": [] + }, + { + "ref": "pkg:npm/append-field@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/streamsearch@1.1.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/busboy@1.6.0", + "dependsOn": [ + "pkg:npm/streamsearch@1.1.0" + ] + }, + { + "ref": "pkg:npm/buffer-from@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/safe-buffer@5.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/core-util-is@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/isarray@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/process-nextick-args@2.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/string_decoder@1.1.1", + "dependsOn": [ + "pkg:npm/safe-buffer@5.1.2" + ] + }, + { + "ref": "pkg:npm/util-deprecate@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/readable-stream@2.3.8", + "dependsOn": [ + "pkg:npm/core-util-is@1.0.3", + "pkg:npm/inherits@2.0.4", + "pkg:npm/isarray@1.0.0", + "pkg:npm/process-nextick-args@2.0.1", + "pkg:npm/safe-buffer@5.1.2", + "pkg:npm/string_decoder@1.1.1", + "pkg:npm/util-deprecate@1.0.2" + ] + }, + { + "ref": "pkg:npm/typedarray@0.0.6", + "dependsOn": [] + }, + { + "ref": "pkg:npm/concat-stream@1.6.2", + "dependsOn": [ + "pkg:npm/buffer-from@1.1.2", + "pkg:npm/inherits@2.0.4", + "pkg:npm/readable-stream@2.3.8", + "pkg:npm/typedarray@0.0.6" + ] + }, + { + "ref": "pkg:npm/minimist@1.2.8", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mkdirp@0.5.6", + "dependsOn": [ + "pkg:npm/minimist@1.2.8" + ] + }, + { + "ref": "pkg:npm/xtend@4.0.2", + "dependsOn": [] + 
}, + { + "ref": "pkg:npm/multer@1.4.5-lts.1", + "dependsOn": [ + "pkg:npm/append-field@1.0.0", + "pkg:npm/busboy@1.6.0", + "pkg:npm/concat-stream@1.6.2", + "pkg:npm/mkdirp@0.5.6", + "pkg:npm/object-assign@4.1.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/xtend@4.0.2" + ] + }, + { + "ref": "pkg:npm/readable-stream@2.3.7", + "dependsOn": [ + "pkg:npm/core-util-is@1.0.3", + "pkg:npm/inherits@2.0.4", + "pkg:npm/isarray@1.0.0", + "pkg:npm/process-nextick-args@2.0.1", + "pkg:npm/string_decoder@1.1.1", + "pkg:npm/util-deprecate@1.0.2" + ] + }, + { + "ref": "pkg:npm/bignumber.js@9.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/sqlstring@2.3.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mysql@2.18.1", + "dependsOn": [ + "pkg:npm/bignumber.js@9.0.0", + "pkg:npm/readable-stream@2.3.7", + "pkg:npm/safe-buffer@5.1.2", + "pkg:npm/sqlstring@2.3.1" + ] + }, + { + "ref": "pkg:npm/debug@4.3.4", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/normalize-path@3.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/picomatch@2.3.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/anymatch@3.1.3", + "dependsOn": [ + "pkg:npm/normalize-path@3.0.0", + "pkg:npm/picomatch@2.3.1" + ] + }, + { + "ref": "pkg:npm/is-number@7.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/to-regex-range@5.0.1", + "dependsOn": [ + "pkg:npm/is-number@7.0.0" + ] + }, + { + "ref": "pkg:npm/fill-range@7.0.1", + "dependsOn": [ + "pkg:npm/to-regex-range@5.0.1" + ] + }, + { + "ref": "pkg:npm/braces@3.0.2", + "dependsOn": [ + "pkg:npm/fill-range@7.0.1" + ] + }, + { + "ref": "pkg:npm/is-extglob@2.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/is-glob@4.0.3", + "dependsOn": [ + "pkg:npm/is-extglob@2.1.1" + ] + }, + { + "ref": "pkg:npm/glob-parent@5.1.2", + "dependsOn": [ + "pkg:npm/is-glob@4.0.3" + ] + }, + { + "ref": "pkg:npm/binary-extensions@2.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/is-binary-path@2.1.0", + "dependsOn": [ + 
"pkg:npm/binary-extensions@2.2.0" + ] + }, + { + "ref": "pkg:npm/readdirp@3.6.0", + "dependsOn": [ + "pkg:npm/picomatch@2.3.1" + ] + }, + { + "ref": "pkg:npm/fsevents@2.3.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/chokidar@3.5.3", + "dependsOn": [ + "pkg:npm/anymatch@3.1.3", + "pkg:npm/braces@3.0.2", + "pkg:npm/fsevents@2.3.3", + "pkg:npm/glob-parent@5.1.2", + "pkg:npm/is-binary-path@2.1.0", + "pkg:npm/is-glob@4.0.3", + "pkg:npm/normalize-path@3.0.0", + "pkg:npm/readdirp@3.6.0" + ] + }, + { + "ref": "pkg:npm/ignore-by-default@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/balanced-match@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/concat-map@0.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/brace-expansion@1.1.11", + "dependsOn": [ + "pkg:npm/balanced-match@1.0.2", + "pkg:npm/concat-map@0.0.1" + ] + }, + { + "ref": "pkg:npm/minimatch@3.1.2", + "dependsOn": [ + "pkg:npm/brace-expansion@1.1.11" + ] + }, + { + "ref": "pkg:npm/pstree.remy@1.1.8", + "dependsOn": [] + }, + { + "ref": "pkg:npm/yallist@4.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/lru-cache@6.0.0", + "dependsOn": [ + "pkg:npm/yallist@4.0.0" + ] + }, + { + "ref": "pkg:npm/semver@7.5.4", + "dependsOn": [ + "pkg:npm/lru-cache@6.0.0" + ] + }, + { + "ref": "pkg:npm/simple-update-notifier@2.0.0", + "dependsOn": [ + "pkg:npm/semver@7.5.4" + ] + }, + { + "ref": "pkg:npm/has-flag@3.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/supports-color@5.5.0", + "dependsOn": [ + "pkg:npm/has-flag@3.0.0" + ] + }, + { + "ref": "pkg:npm/abbrev@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/nopt@1.0.10", + "dependsOn": [ + "pkg:npm/abbrev@1.1.1" + ] + }, + { + "ref": "pkg:npm/touch@3.1.0", + "dependsOn": [ + "pkg:npm/nopt@1.0.10" + ] + }, + { + "ref": "pkg:npm/undefsafe@2.0.5", + "dependsOn": [] + }, + { + "ref": "pkg:npm/nodemon@3.0.2", + "dependsOn": [ + "pkg:npm/chokidar@3.5.3", + "pkg:npm/debug@4.3.4", + "pkg:npm/ignore-by-default@1.0.1", + "pkg:npm/minimatch@3.1.2", + 
"pkg:npm/ms@2.1.2", + "pkg:npm/pstree.remy@1.1.8", + "pkg:npm/semver@7.5.4", + "pkg:npm/simple-update-notifier@2.0.0", + "pkg:npm/supports-color@5.5.0", + "pkg:npm/touch@3.1.0", + "pkg:npm/undefsafe@2.0.5" + ] + }, + { + "ref": "pkg:npm/server@1.0.0", + "dependsOn": [ + "pkg:npm/cors@2.8.5", + "pkg:npm/express@4.18.2", + "pkg:npm/fs@0.0.1-security", + "pkg:npm/multer@1.4.5-lts.1", + "pkg:npm/mysql@2.18.1", + "pkg:npm/nodemon@3.0.2" + ] + } + ], + "vulnerabilities": [ + { + "bom-ref": "CVE-2014-2432/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2432", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2432" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3802/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3802", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3802" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to 
affect availability via unknown vectors related to Full Text Search.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3804/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3804", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3804" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2023-21977/pkg:npm/mysql@2.18.1", + "id": "CVE-2023-21977", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21977" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + 
"cwes": [], + "description": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://www.oracle.com/security-alerts/cpuapr2023.html" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5584/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5584", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5584" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, 
+ { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-6662/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-6662", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6662" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. 
Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3806/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3806", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3806" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3238/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3238", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3238" + }, + "ratings": [ + { + "score": 7.5, + "severity": 
"high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3243/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3243", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3243" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 4.4 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2582/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2582", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2582" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2611/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2611", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2611" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 
and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3635/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3635", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3635" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html,\thttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and\thttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3636/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3636", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3636" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4000/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4000", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4000" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3569/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3569", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2014-3569" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.\tNOTE: this issue became relevant after the CVE-2014-3568 fix.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0608/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0608", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0608" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": 
[ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0609/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0609", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0609" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4858/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4858", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4858" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + 
"advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4861/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4861", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4861" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0430/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0430", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0430" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect 
availability via unknown vectors related to Performance Schema.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-7744/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-7744", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7744" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0502/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0502", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0502" + }, + 
"ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3313/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3313", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3313" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. 
CVSS v3.0 Base Score 4.7 (Confidentiality impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3317/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3317", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3317" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 4.0 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6505/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6505" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6507/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6507", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6507" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in 
Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0596/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0596", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0596" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0597/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0597", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2016-0597" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0598/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0598", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0598" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0427/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0427", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0427" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4866/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4866", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4866" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": 
"unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4870/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4870", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4870" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4240/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4240", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4240" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + 
"version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0437/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0437", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0437" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2567/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2567", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2567" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3793/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3793", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3793" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2020-14672/pkg:npm/mysql@2.18.1", + "id": "CVE-2020-14672", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14672" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MySQL is a multi-user, multi-threaded SQL database server. 
It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\nThe following packages have been upgraded to a later upstream version: mysql (8.0.26). (BZ#1996693)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "recommendation": "Update to 8.0.26 or later", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35629.json" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "8.0.26", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-0735/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-0735", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735" + }, + "ratings": [ + { + "score": 5.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [ + 327 + ], + "description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", + "recommendation": "", + "advisories": [ + { + "title": "Mailing List", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" + }, + { + "title": "vendor", + "url": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "title": "Debian Security", + "url": "https://www.debian.org/security/2018/dsa-4348" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3840-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0505/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0505" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0546/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0546", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0546" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client.\tNOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6489/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6489", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6489" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + 
"advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3570/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3570", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3570" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6500/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6500", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6500" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + 
"description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0409/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0409", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0409" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0650/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0650", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2016-0650" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0651/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0651", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0651" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + 
"bom-ref": "CVE-2018-3061/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3061", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3061" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3725-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3809/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3809", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3809" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit 
Log.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10379/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10379", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10379" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10384/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10384", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10384" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0402/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0402", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0402" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6463/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6463", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6463" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + 
"description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6464/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6464", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6464" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0432/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0432", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-0432" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6520/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6520", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6520" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3244/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2017-3244", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3244" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3258/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3258", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3258" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3265/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3265", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3265" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2442/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2442", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2442" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2444/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2444", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2444" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 
5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4769/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4769", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4769" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4771/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4771", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4771" + }, + "ratings": [ + { + 
"score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0412/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0412", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0412" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0420/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0420", + "source": { + 
"name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0420" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0501/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0501", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0501" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3309/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3309", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3309" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3329/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3329", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3329" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread 
Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4800/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4800", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4800" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4802/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4802", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4802" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6568/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6568", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6568" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + 
"version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-8275/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-8275", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8275" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2576/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2576", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2576" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via 
unknown vectors related to Installation.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6530/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6530", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6530" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2450/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2450", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2450" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified 
vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0381/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0381", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0381" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3801/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3801", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3801" + }, + "ratings": [ + 
{ + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0431/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0431", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0431" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2014-0433/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0433", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0433" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5611/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5611", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5611" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": 
"affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5612/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5612", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5612" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5613/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5613", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5613" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "** DISPUTED ** MySQL 5.5.19 and possibly other versions, and 
MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5860/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5860", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5860" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + 
"properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0224/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0224", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0224" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2435/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2435", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2435" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + 
"detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2436/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2436", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2436" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6474/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6474", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6474" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.", + "recommendation": 
"Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0441/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0441", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0441" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0505/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0505" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows 
remote authenticated users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0506/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0506", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0506" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0382/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0382", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0382" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2023-49803/pkg:npm/cors@2.8.5", + "id": "CVE-2023-49803", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49803" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "# Overly permissive origin policy\nCurrently, the middleware operates in a way that if an allowed origin is not provided, it will return an `Access-Control-Allow-Origin` header with the value of the origin from the request. 
This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy (SOP), this could cause a very serious security threat to the users of this middleware.\n\nIf such behavior is expected, for instance, when middleware is used exclusively for prototypes and not for production applications, it should be heavily emphasized in the documentation along with an indication of the risks associated with such behavior, as many users may not be aware of it.", + "recommendation": "Update to 5.0.0 or later", + "advisories": [ + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-qxrj-hx23-xp82" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/cors@2.8.5\"]" + }, + "affects": [ + { + "ref": "pkg:npm/cors@2.8.5", + "versions": [ + { + "version": "2.8.5", + "status": "affected" + }, + { + "version": "5.0.0", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6494/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6494", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6494" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": 
"5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6495/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6495", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6495" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0511/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0511", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0511" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + 
"version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2305/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2305", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2305" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3641/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3641" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3648/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3648" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3810/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3810", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3810" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4862/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4862", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4862" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified 
vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4864/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4864", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4864" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3805/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3805", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3805" + }, + "ratings": [ + { + "score": 7.5, + "severity": 
"high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6559/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6559", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6559" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2573/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2573", + "source": { + 
"name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2573" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4243/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4243", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4243" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + 
"bom-ref": "CVE-2015-4895/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4895", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4895" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4904/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4904", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4904" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4905/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4905", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4905" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5881/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5881", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5881" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + 
} + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5882/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5882", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5882" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6478/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6478", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6478" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + 
"status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6484/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6484", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6484" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5908/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5908", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5908" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", 
\"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0001/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0001", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0001" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0405/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0405", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0405" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + 
"analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3794/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3794", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3794" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6469/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6469", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6469" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via 
vectors related to SERVER:OPTIMIZER.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3798/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3798", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3798" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0411/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0411", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0411" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 
and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0423/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0423", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0423" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4233/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4233", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4233" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4238/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4238", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4238" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2566/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2566", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-2566" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0503/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0503", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0503" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0204/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0204", 
+ "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0204" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue.\tNOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2438/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2438", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2438" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + 
"versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4879/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4879", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4879" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4890/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4890", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4890" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4214/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4214", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4214" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3291/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3291", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3291" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. 
Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3312/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3312", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3312" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. 
CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5891/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5891", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5891" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5615/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5615", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5615" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + 
"description": "Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3571/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3571", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3571" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3572/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3572", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3572" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2021-2478/pkg:npm/mysql@2.18.1", + "id": "CVE-2021-2478", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-2478" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MySQL is a multi-user, multi-threaded SQL database server. 
It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.30).\n\nSecurity Fix(es):\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607, CVE-2022-21301, CVE-2022-21413)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2021-2481, CVE-2021-35575, CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21253, CVE-2022-21254, CVE-2022-21264, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342, CVE-2022-21351, CVE-2022-21370, CVE-2022-21378, CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479, CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21569, CVE-2022-21265)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2021-35546, CVE-2022-21344, CVE-2022-21415)\n\n* mysql: Server: Error Handling unspecified vulnerability (CVE-2021-35596)\n\n* mysql: C API unspecified vulnerability (CVE-2021-35597)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2021-35602, CVE-2021-35630, CVE-2022-21515)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2021-35604, CVE-2022-21302, CVE-2022-21348, CVE-2022-21352, CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21517, CVE-2022-21537, CVE-2022-21539, CVE-2022-21423)\n\n* mysql: Server: Group Replication Plugin multiple unspecified vulnerabilities (CVE-2021-35608, CVE-2022-21256, CVE-2022-21379, 
CVE-2022-21454)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2021-35622, CVE-2022-21358, CVE-2022-21372, CVE-2022-21538)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2021-35624, CVE-2022-21245, CVE-2021-35625)\n\n* mysql: Server: GIS unspecified vulnerability (CVE-2021-35631)\n\n* mysql: Server: Data Dictionary unspecified vulnerability (CVE-2021-35632)\n\n* mysql: Server: PS unspecified vulnerability (CVE-2021-35637)\n\n* mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CVE-2021-35639, CVE-2022-21303, CVE-2022-21522, CVE-2022-21534)\n\n* mysql: Server: FTS multiple unspecified vulnerabilities (CVE-2021-35648, CVE-2022-21427)\n\n* mysql: Server: Federated multiple unspecified vulnerabilities (CVE-2022-21270, CVE-2022-21547)\n\n* mysql: Server: Parser unspecified vulnerability (CVE-2022-21304)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2022-21362, CVE-2022-21374)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2022-21367)\n\n* mysql: Server: Components Services unspecified vulnerability (CVE-2022-21368)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2022-21425, CVE-2022-21444, CVE-2021-35640, CVE-2022-21249)\n\n* mysql: Server: PAM Auth Plugin unspecified vulnerability (CVE-2022-21457)\n\n* mysql: Server: Logging multiple unspecified vulnerabilities (CVE-2022-21460, CVE-2021-35633)\n\n* mysql: Server: Security: Roles unspecified vulnerability (CVE-2021-35623)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Rebuild mecab due to change in the suffix (from .el8 to .el8.0.0) [Rocky Linux-8] (BZ#2110940)", + "recommendation": "Update to 8.0.30 or later", + "advisories": [ + { + "title": "vendor", + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2122604" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "8.0.30", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-18589/pkg:npm/cookie@0.5.0", + "id": "CVE-2017-18589", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18589" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [ + 20 + ], + "description": "# Improper Input Validation in cookie\nAffected versions of this crate use the time crate and the method Duration::seconds to parse the Max-Age duration cookie setting. 
This method will panic if the value is greater than 2^64/1000 and less than or equal to 2^64, which can result in denial of service for a client or server.\n\nThis flaw was corrected by explicitly checking for the Max-Age being in this integer range and clamping the value to the maximum duration value.\n\n## Related CVE(s)\nCVE-2017-18589, RUSTSEC-2017-0005", + "recommendation": "Update to 0.7.6 or later", + "advisories": [ + { + "title": "GitHub PR", + "url": "https://github.com/SergioBenitez/cookie-rs/pull/86" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/express@4.18.2\", \"pkg:npm/cookie@0.5.0\"]" + }, + "affects": [ + { + "ref": "pkg:npm/cookie@0.5.0", + "versions": [ + { + "version": "0.5.0", + "status": "affected" + }, + { + "version": "0.7.6", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Indirect dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4287/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4287", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4287" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + 
"name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2484/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2484", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2484" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2494/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2494", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2494" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] 
+ } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2451/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2451", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2451" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2568/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2568", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2568" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + 
"status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2571/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2571", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2571" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10268/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10268", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10268" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10378/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10378", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10378" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5483/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5483", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5483" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "** REJECT **\tDO NOT USE THIS CANDIDATE NUMBER.\tConsultIDs: CVE-2017-3600.\tReason: This candidate is a reservation duplicate of CVE-2017-3600.\tNotes: All CVE users should reference CVE-2017-3600 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3302/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3302", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3302" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-1789/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-1789", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1789" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The 
X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-1793/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-1793", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1793" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + 
"status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0644/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0644", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0644" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0646/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0646", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0646" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0205/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0205", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0205" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4757/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4757", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4757" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified 
vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4761/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4761", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4761" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4767/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4767", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4767" + }, + "ratings": [ + { + "score": 5.0, + 
"severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4274/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4274", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4274" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0666/pkg:npm/mysql@2.18.1", + 
"id": "CVE-2016-0666", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0666" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-2047/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-2047", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2047" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"/CN=\" string in a field in a certificate, as demonstrated by \"/OU=/CN=bar.com/CN=foo.com.\"", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + 
"analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-9843/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-9843", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9843" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", + "recommendation": "Update to 5.5.62-0.39.18.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.62-0.39.18.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3133/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3133", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3133" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). 
Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.62-0.39.18.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.62-0.39.18.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3305/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3305", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3305" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). 
NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, \"The Riddle\".", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3308/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3308", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3308" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4207/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4207", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4207" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2639/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2639", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2639" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 
Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2641/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2641" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2643/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2643", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2643" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": 
"CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0386/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0386", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0386" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0393/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0393", + "source": { + 
"name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0393" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2430/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2430", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2430" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2431/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2431", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2431" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3795/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3795", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3795" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + 
"properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3796/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3796", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3796" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4815/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4815", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4815" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + 
"status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4816/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4816", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4816" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0385/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0385", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0385" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": 
"pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0391/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0391", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0391" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4910/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4910", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4910" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4913/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4913", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4913" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3071/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3071", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3071" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3725-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0286/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0286", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0286" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": 
"pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0288/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0288", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0288" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3318/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3318", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3318" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. 
Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0640/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0640", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0640" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0641/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0641" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0384/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0384", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0384" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": 
"pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3464/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3464", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3464" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3600/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3600", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3600" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3615/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3615", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3615" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5440/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5440" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0507/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0507", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0507" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3651/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2017-3651", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3651" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3652/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3652", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3652" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. 
Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6496/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6496", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6496" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { 
+ "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0642/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0642", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0642" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0643/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0643", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0643" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + 
"versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6551/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6551", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6551" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6555/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6555", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6555" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2648/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2648" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2661/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2661", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2661" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": 
"in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0498/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0498", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0498" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0401/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0401", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0401" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.", + 
"recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4819/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4819", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4819" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4826/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4826", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4826" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 
5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2021-35065/pkg:npm/glob-parent@5.1.2", + "id": "CVE-2021-35065", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The glob-parent package before 6.0.1 for Node.js allows ReDoS regular ...\nNOTE: https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339 (v6.0.1)\nNOTE: https://github.com/gulpjs/glob-parent/pull/49", + "recommendation": "Update to 6.0.2+~5.1.1-1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/chokidar@3.5.3\", \"pkg:npm/glob-parent@5.1.2\"]" + }, + "affects": [ + { + "ref": "pkg:npm/glob-parent@5.1.2", + "versions": [ + { + "version": "5.1.2", + "status": "affected" + }, + { + "version": "6.0.2+~5.1.1-1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Indirect dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4752/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4752", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4752" + }, + "ratings": [ + { + 
"score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4756/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4756", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4756" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0439.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6491/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2014-6491", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6491" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2617/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2617", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2617" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2620/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2620", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2620" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-3152/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-3152", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3152" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a \"BACKRONYM\" attack.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ 
+ { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4737/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4737", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4737" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4730/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4730", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4730" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": 
"Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4766/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4766", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4766" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4792/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4792", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4792" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than 
CVE-2015-4802.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2419/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2419", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2419" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-1861/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-1861", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1861" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 
5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3783/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3783", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3783" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2015-0508/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0508", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0508" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-4316/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-4316", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4316" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0433/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0433", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0433" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0499/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0499", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0499" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + 
"properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0500/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0500", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0500" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6564/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6564", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6564" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + 
"status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4830/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4830", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4830" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4833/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4833", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4833" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + 
"versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4836/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4836", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4836" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2434/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2434", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2434" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", 
\"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2011-2262/pkg:npm/mysql@2.18.1", + "id": "CVE-2011-2262", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2262" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Package updates are available for Amazon Linux that fix the following vulnerabilities:\nCVE-2012-0492:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783817: \nCVE-2012-0492 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0490:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783815: \nCVE-2012-0490 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0485:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783809: \nCVE-2012-0485 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0484:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783808: \nCVE-2012-0484 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality\n\nCVE-2012-0120:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783807: \nCVE-2012-0120 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0119:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783806: \nCVE-2012-0119 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0118:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783805: \nCVE-2012-0118 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability\n\nCVE-2012-0116:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783803: \nCVE-2012-0116 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and integrity\n\nCVE-2012-0115:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783802: \nCVE-2012-0115 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0114:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783801: \nCVE-2012-0114 mysql: Unspecified vulnerability allows local users to affect confidentiality and integrity\n\nCVE-2012-0113:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783800: \nCVE-2012-0113 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability\n\nCVE-2012-0112:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783799: \nCVE-2012-0112 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0101:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783797: \nCVE-2012-0101 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0087:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783795: \nCVE-2012-0087 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0075:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n\nCVE-2011-2262:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.", + "recommendation": "Update to 5.1.61 or later", + "advisories": [ + { + "title": "vendor", + "url": "https://rhn.redhat.com/errata/RHSA-2012:0105.html" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.1.61", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2440/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2440" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in 
the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0616/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0616", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0616" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0647/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0647", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2016-0647" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0648/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0648" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + 
"value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0649/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0649", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0649" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0600/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0600", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0600" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + 
"ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0606/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0606", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0606" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4258/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4258", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4258" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.", + 
"recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4260/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4260", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4260" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0206/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0206", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0206" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 
1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0374/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0374", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0374" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3653/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3653", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2017-3653" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3462/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3462", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3462" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3463/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3463", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3463" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5894/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5894", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5894" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0438/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0438", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0438" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle 
MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0439/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0439", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0439" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4772/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4772", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4772" + }, + "ratings": [ + { + "score": 5.0, + "severity": 
"medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-7440/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-7440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7440" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3807/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3807", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2013-3807" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3808/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3808", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3808" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + 
"value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3811/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3811", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3811" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3812/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3812", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3812" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", 
+ "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3453/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3453", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3453" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3456/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3456", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3456" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3461/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3461", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3461" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3477/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3477", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3477" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3521/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3521", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3521" + }, + "ratings": [ + { + "score": 7.5, + "severity": 
"high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + } + ] +} \ No newline at end of file diff --git a/server/reports/report_20231220092646734.json b/server/reports/report_20231220092646734.json new file mode 100644 index 000000000..89a358cc9 --- /dev/null +++ b/server/reports/report_20231220092646734.json 
@@ -0,0 +1,15601 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:71ac8af0-4401-4b7e-a395-a1f2d08c6f1c", + "version": 2, + "metadata": { + "timestamp": "2023-12-20T09:26:43.428Z", + "tools": { + "components": [ + { + "group": "@cyclonedx", + "name": "cdxgen", + "version": "9.9.6", + "purl": "pkg:npm/%40cyclonedx/cdxgen@9.9.6", + "type": "application", + "bom-ref": "pkg:npm/@cyclonedx/cdxgen@9.9.6", + "author": "OWASP Foundation", + "publisher": "OWASP Foundation" + }, + { + "type": "application", + "name": "owasp-depscan", + "version": "5.0.4", + "purl": "pkg:pypi/owasp-depscan@5.0.4", + "bom-ref": "pkg:pypi/owasp-depscan@5.0.4" + } + ] + }, + "authors": [ + { + "name": "OWASP Foundation" + } + ], + "component": { + "author": "", + "group": "", + "name": "server", + "version": "1.0.0", + "type": "application", + "purl": "pkg:npm/server@1.0.0", + "bom-ref": "pkg:npm/server@1.0.0", + "components": [] + } + }, + "components": [ + { + "group": "", + "name": "cors", + "version": "2.8.5", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "2881db2c9aaeef7446aff8676eb3bdb817a2c4d1aebd2423ba5fe3745bd2fca152207d615957759e0ef3387c7e62b11f2272c6eeae27e861d0f5c0edc6ffcfea" + } + ], + "purl": "pkg:npm/cors@2.8.5", + "type": "library", + "bom-ref": "pkg:npm/cors@2.8.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "cors" + } + ] + }, + { + "group": "", + "name": "object-assign", + "version": "4.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac98134279149c7d6c170f324fa552537cc3dec5a6bbab19848b1e63c557f8646edcfe85ec5bbe24d0e85df9251256cb2529dcdc55101d57b8714e618fe05c52" + } + ], + "purl": "pkg:npm/object-assign@4.1.1", + "type": "library", + "bom-ref": "pkg:npm/object-assign@4.1.1", + "properties": [ + { + "name": "SrcFile", + "value": 
"/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "vary", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" + } + ], + "purl": "pkg:npm/vary@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/vary@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "express", + "version": "4.18.2", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7f3ec2fa8863dd7d0fe528cd54ba27a5620bf7054a097f3d5a53053dbc767e27b832bf07505c510120421ac5e19fd0621cade013372044c6d6a58ac0dbb8ca9" + } + ], + "purl": "pkg:npm/express@4.18.2", + "type": "framework", + "bom-ref": "pkg:npm/express@4.18.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "express" + } + ] + }, + { + "group": "", + "name": "accepts", + "version": "1.3.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "type": "library", + "bom-ref": "pkg:npm/accepts@1.3.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime-types", + "version": "2.1.35", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" + } + ], + "purl": 
"pkg:npm/mime-types@2.1.35", + "type": "library", + "bom-ref": "pkg:npm/mime-types@2.1.35", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime-db", + "version": "1.52.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "type": "library", + "bom-ref": "pkg:npm/mime-db@1.52.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "negotiator", + "version": "0.6.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "type": "library", + "bom-ref": "pkg:npm/negotiator@0.6.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "array-flatten", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/array-flatten@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "body-parser", + "version": "1.20.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"8d68bb69b4db6306a33b2b56090737ed5ba599689169ee51c93a5a0b20dc4b9fe531db704b3e653a90c4ebbb2bc3f1d87b7e5fd73ddf0d0c3ededc60ee036d5b" + } + ], + "purl": "pkg:npm/body-parser@1.20.1", + "type": "library", + "bom-ref": "pkg:npm/body-parser@1.20.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "bytes", + "version": "3.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "type": "library", + "bom-ref": "pkg:npm/bytes@3.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "content-type", + "version": "1.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "type": "library", + "bom-ref": "pkg:npm/content-type@1.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "debug", + "version": "2.6.9", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "purl": "pkg:npm/debug@2.6.9", + "type": "library", + "bom-ref": "pkg:npm/debug@2.6.9", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": "2.0.0", + 
"scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "purl": "pkg:npm/ms@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/ms@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "depd", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" + } + ], + "purl": "pkg:npm/depd@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/depd@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "destroy", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/destroy@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "http-errors", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/http-errors@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "inherits", + "version": "2.0.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "93fbc6697e3f6256b75b3c8c0af4d039761e207bea38ab67a8176ecd31e9ce9419cc0b2428c859d8af849c189233dcc64a820578ca572b16b8758799210a9ec1" + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "type": "library", + "bom-ref": "pkg:npm/inherits@2.0.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "setprototypeof", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/setprototypeof@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "statuses", + "version": "2.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "type": "library", + "bom-ref": "pkg:npm/statuses@2.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "toidentifier", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/toidentifier@1.0.1", + "properties": [ + { + "name": "SrcFile", + 
"value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "iconv-lite", + "version": "0.4.24", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "type": "library", + "bom-ref": "pkg:npm/iconv-lite@0.4.24", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "safer-buffer", + "version": "2.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "type": "library", + "bom-ref": "pkg:npm/safer-buffer@2.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "on-finished", + "version": "2.4.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "type": "library", + "bom-ref": "pkg:npm/on-finished@2.4.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ee-first", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" + } + ], + "purl": 
"pkg:npm/ee-first@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/ee-first@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "qs", + "version": "6.11.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" + } + ], + "purl": "pkg:npm/qs@6.11.0", + "type": "library", + "bom-ref": "pkg:npm/qs@6.11.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "side-channel", + "version": "1.0.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab95cfcada85108287906762308ad8d749af2d1be7421e36ffe1a8065156ddbd8b5cb136c71269645766f78c1ed016a85774702721aa839c12edea714efd19bf" + } + ], + "purl": "pkg:npm/side-channel@1.0.4", + "type": "library", + "bom-ref": "pkg:npm/side-channel@1.0.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "call-bind", + "version": "1.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b79d0c5f159c45455a09a0628a23ccb730e128d76f4d43e160434f22c9ef8c938ccd65919d8dfb34e9b553afe0c14a503ae90d9511c3248bf71408fe127ab71" + } + ], + "purl": "pkg:npm/call-bind@1.0.5", + "type": "library", + "bom-ref": "pkg:npm/call-bind@1.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "function-bind", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" + } + ], + "purl": "pkg:npm/function-bind@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/function-bind@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "get-intrinsic", + "version": "1.2.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d204a8e2697fd23f7c637967824144a2dff386209e5ac6d822567eb993958332f22da530ef0c542fe9c24cfd1726f260d405ee949448dd4262f06b1b0eec5d18" + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.2", + "type": "library", + "bom-ref": "pkg:npm/get-intrinsic@1.2.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-proto", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "eea13e88ff8ef9b805f5c944e7e528045cc4eb99a5062563ded282ae5350d0e8309b4063a53fe02b84a52d80ccc9b0e1e48dd30932a73cf6b4a0c1bb24362b86" + } + ], + "purl": "pkg:npm/has-proto@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/has-proto@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-symbols", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/has-symbols@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + 
"name": "hasown", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd4a6d2954e920985c7332816e09d2f91b5cb98301f3ea0dccf2b6fc7a7785a9f3f099a90137669a02e049a69d5511240e6f9eda0887c18dd9464ca34880c314" + } + ], + "purl": "pkg:npm/hasown@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/hasown@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "set-function-length", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5686aa8db0492a25ad838c9170a050ee0ef09c69cb57733ca0bbd55b03a4d8f75863a3c415e811d6f7b35d1d2dc3a7d9185f5cb156a42118eb262cb6bde48115" + } + ], + "purl": "pkg:npm/set-function-length@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/set-function-length@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "define-data-property", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "13bb86913ce49357740722de49ce99b054bbf40c60fa6d4ffd5b2062cc47822b9cded1528fe323308c1ef74142e25380673341758ee490ed8fdb029db10d6f81" + } + ], + "purl": "pkg:npm/define-data-property@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/define-data-property@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "gopd", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" + } + ], + "purl": "pkg:npm/gopd@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/gopd@1.0.1", + "properties": [ + { + "name": 
"SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-property-descriptors", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "56c5fc79a21ec2f6acd319ef8a701ef5bc3859f21e383a466229225982c7f9d99ad09c3a28762a5a259f8509603952bc0fa3ef8ee6cae547383f488884870d56" + } + ], + "purl": "pkg:npm/has-property-descriptors@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/has-property-descriptors@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "object-inspect", + "version": "1.13.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" + } + ], + "purl": "pkg:npm/object-inspect@1.13.1", + "type": "library", + "bom-ref": "pkg:npm/object-inspect@1.13.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "raw-body", + "version": "2.5.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa241b44c95812d1998f19d0853d627716b7a8aaf1b83154259ff902805ece96af7921b3a9d3f056c8cc1b76d9f8553be433c63b921090d97824fed72b0978a" + } + ], + "purl": "pkg:npm/raw-body@2.5.1", + "type": "library", + "bom-ref": "pkg:npm/raw-body@2.5.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "unpipe", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/unpipe@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "type-is", + "version": "1.6.18", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "type": "library", + "bom-ref": "pkg:npm/type-is@1.6.18", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "media-typer", + "version": "0.3.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "type": "library", + "bom-ref": "pkg:npm/media-typer@0.3.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "content-disposition", + "version": "0.5.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "type": "library", + "bom-ref": "pkg:npm/content-disposition@0.5.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + 
"name": "safe-buffer", + "version": "5.2.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "type": "library", + "bom-ref": "pkg:npm/safe-buffer@5.2.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "cookie", + "version": "0.5.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "619dc65329ffa3c81f289967957ee0ef1ab88323ba392ba118f29a686b2c181daa803512d203e0b53be8c992d3b7d01be9d0b885f73d755e5aae4bdcfce0a6af" + } + ], + "purl": "pkg:npm/cookie@0.5.0", + "type": "library", + "bom-ref": "pkg:npm/cookie@0.5.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "cookie-signature", + "version": "1.0.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "type": "library", + "bom-ref": "pkg:npm/cookie-signature@1.0.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "encodeurl", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/encodeurl@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": 
"/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "escape-html", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/escape-html@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "etag", + "version": "1.8.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" + } + ], + "purl": "pkg:npm/etag@1.8.1", + "type": "library", + "bom-ref": "pkg:npm/etag@1.8.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "finalhandler", + "version": "1.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "type": "library", + "bom-ref": "pkg:npm/finalhandler@1.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "parseurl", + "version": "1.3.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "type": "library", + 
"bom-ref": "pkg:npm/parseurl@1.3.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fresh", + "version": "0.5.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "type": "library", + "bom-ref": "pkg:npm/fresh@0.5.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "merge-descriptors", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/merge-descriptors@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "methods", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" + } + ], + "purl": "pkg:npm/methods@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/methods@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "path-to-regexp", + "version": "0.1.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "type": "library", + "bom-ref": "pkg:npm/path-to-regexp@0.1.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "proxy-addr", + "version": "2.0.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "type": "library", + "bom-ref": "pkg:npm/proxy-addr@2.0.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "forwarded", + "version": "0.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "type": "library", + "bom-ref": "pkg:npm/forwarded@0.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ipaddr.js", + "version": "1.9.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "type": "library", + "bom-ref": "pkg:npm/ipaddr.js@1.9.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": 
"range-parser", + "version": "1.2.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "type": "library", + "bom-ref": "pkg:npm/range-parser@1.2.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "send", + "version": "0.18.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" + } + ], + "purl": "pkg:npm/send@0.18.0", + "type": "library", + "bom-ref": "pkg:npm/send@0.18.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": "2.1.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e85973b9b4cb646dc9d9afcd542025784863ceae68c601f268253dc985ef70bb2fa1568726afece715c8ebf5d73fab73ed1f7100eb479d23bfb57b45dd645394" + } + ], + "purl": "pkg:npm/ms@2.1.3", + "type": "library", + "bom-ref": "pkg:npm/ms@2.1.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mime", + "version": "1.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" + } + ], + "purl": "pkg:npm/mime@1.6.0", + "type": "library", + "bom-ref": "pkg:npm/mime@1.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study 
Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "serve-static", + "version": "1.15.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "type": "library", + "bom-ref": "pkg:npm/serve-static@1.15.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "utils-merge", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/utils-merge@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fs", + "version": "0.0.1-security", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd763d7b5a4fd02544502763e4199f219c51053483c9c9dbaa120e19e73d418b66547d9f6cba63f3a0855a4acd3a4b7f16fb72e0a646e654e094bf63fe027cef" + } + ], + "purl": "pkg:npm/fs@0.0.1-security", + "type": "library", + "bom-ref": "pkg:npm/fs@0.0.1-security", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "fs" + } + ] + }, + { + "group": "", + "name": "multer", + "version": "1.4.5-lts.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb03d6bdc0cc787fb3f6042ae6a607082cbe7ad86c9388287a9678e462c3eb77cebb461c35e710c62eb89c3b37aa5b9907e9aeac6dff0f8749efe74672d70241" + } + ], + 
"purl": "pkg:npm/multer@1.4.5-lts.1", + "type": "library", + "bom-ref": "pkg:npm/multer@1.4.5-lts.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "append-field", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "925a6015258b5b5644b3cb2f8df6fb838a96634612e62988f3675383e41a854bc9f18a806343f5d1493cb53ca1f591ae60464431a789602179045b97e79da1b3" + } + ], + "purl": "pkg:npm/append-field@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/append-field@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "busboy", + "version": "1.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f121506e0ff4850f71cb750d4c1d18127b0d05b59f85fed1b67ce92fb4e40624c145fad0f45c5c9f3ed526c95e269ca9eab54bbd78ae391aa39478b9abe3d8b8" + } + ], + "purl": "pkg:npm/busboy@1.6.0", + "type": "library", + "bom-ref": "pkg:npm/busboy@1.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "streamsearch", + "version": "1.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "31c739c077a1a7d697cf56b1e9b654c98e5a7e0f6edabbf972a408de646b624182f2b5b684cd368d6bb08ed2fef8b4b9aa29d2ca18f641f2f236cb9cf95b04c6" + } + ], + "purl": "pkg:npm/streamsearch@1.1.0", + "type": "library", + "bom-ref": "pkg:npm/streamsearch@1.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "concat-stream", + "version": "1.6.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"dbb1c18212718e266d224dd872f9ffe246c993fd6e66e2457ee3c49ece8b684be9bc6d5fd214de6bc96296ba2eca8f6655cd8659d70467c38ba0699200396b0b" + } + ], + "purl": "pkg:npm/concat-stream@1.6.2", + "type": "library", + "bom-ref": "pkg:npm/concat-stream@1.6.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "buffer-from", + "version": "1.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" + } + ], + "purl": "pkg:npm/buffer-from@1.1.2", + "type": "library", + "bom-ref": "pkg:npm/buffer-from@1.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "readable-stream", + "version": "2.3.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" + } + ], + "purl": "pkg:npm/readable-stream@2.3.8", + "type": "library", + "bom-ref": "pkg:npm/readable-stream@2.3.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "safe-buffer", + "version": "5.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" + } + ], + "purl": "pkg:npm/safe-buffer@5.1.2", + "type": "library", + "bom-ref": "pkg:npm/safe-buffer@5.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "core-util-is", + "version": "1.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" + } + ], + "purl": "pkg:npm/core-util-is@1.0.3", + "type": "library", + "bom-ref": "pkg:npm/core-util-is@1.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "isarray", + "version": "1.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" + } + ], + "purl": "pkg:npm/isarray@1.0.0", + "type": "library", + "bom-ref": "pkg:npm/isarray@1.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "process-nextick-args", + "version": "2.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" + } + ], + "purl": "pkg:npm/process-nextick-args@2.0.1", + "type": "framework", + "bom-ref": "pkg:npm/process-nextick-args@2.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "string_decoder", + "version": "1.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" + } + ], + "purl": "pkg:npm/string_decoder@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/string_decoder@1.1.1", + 
"properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "util-deprecate", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f0f9ab5b97c85c49a42acb9c27359c79eade039ae83641a1c008888d93692080ed5089d5424331a802cc891736c5187c3d5d68afff2d3110f318886eb1ed73" + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/util-deprecate@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "typedarray", + "version": "0.0.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fda0831066ad1af67604893e1e62dfe227c2245c2f28535bf7f25e64f32e95f805ada727f5015c01fe463bc07f9b07948d2a1b952e489f471686aa5fb3fe4f40" + } + ], + "purl": "pkg:npm/typedarray@0.0.6", + "type": "library", + "bom-ref": "pkg:npm/typedarray@0.0.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mkdirp", + "version": "0.5.6", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" + } + ], + "purl": "pkg:npm/mkdirp@0.5.6", + "type": "library", + "bom-ref": "pkg:npm/mkdirp@0.5.6", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "minimist", + "version": "1.2.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "db2c8047ca8190ddd8ba17896a7529582e54ddb6f9a2c0f2c0d07c4730d5943c031dba1c009bdeaaa8f5bbcf92543ee39164f8cafb070a95aaa96a80c5bd3308" + } + ], + 
"purl": "pkg:npm/minimist@1.2.8", + "type": "library", + "bom-ref": "pkg:npm/minimist@1.2.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "xtend", + "version": "4.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "2ca614d620172575200179fd5118e2bbe3168725171ecbdfa7b99cb989bd75250a2b4fc28edad4c050310fcdbf98259bb4bb068c521a774c08b28778ceb4c011" + } + ], + "purl": "pkg:npm/xtend@4.0.2", + "type": "library", + "bom-ref": "pkg:npm/xtend@4.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "mysql", + "version": "2.18.1", + "scope": "required", + "hashes": [ + { + "alg": "SHA-512", + "content": "05c6be824d985a6aa9d947fa93934512eaf063fd2d77472979b02e705a58ff78e1af0ad51aec54dae4050878d4d7d4897e37b4c90be2fab55676aefc851e658a" + } + ], + "purl": "pkg:npm/mysql@2.18.1", + "type": "library", + "bom-ref": "pkg:npm/mysql@2.18.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + }, + { + "name": "ImportedModules", + "value": "mysql" + } + ] + }, + { + "group": "", + "name": "readable-stream", + "version": "2.3.7", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "11b868f0ae2321b1c0c67bb18bba38d8ead9805fd94cd72c663ea744ac949a484b16af021c8b69fdfcba85066e6663ff9f7c99f550546e9e33cff997f219983f" + } + ], + "purl": "pkg:npm/readable-stream@2.3.7", + "type": "library", + "bom-ref": "pkg:npm/readable-stream@2.3.7", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "bignumber.js", + "version": "9.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + 
"content": "b7f398861276483f9818141c8d8f06cf30c7124f5fde77abc63b5f6bab653177deedfaecfd6a3386f08da06be93343f76cd7f71aae5944c946af97f7af8fcdf0" + } + ], + "purl": "pkg:npm/bignumber.js@9.0.0", + "type": "library", + "bom-ref": "pkg:npm/bignumber.js@9.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "sqlstring", + "version": "2.3.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2803387feddc481b9fae0e2935cff45dd6f962d3edfc8b36611b349adf817047b21b7a53d608229234897c8e52ff17b111bf2f020768cd78cd44f62f665cc01" + } + ], + "purl": "pkg:npm/sqlstring@2.3.1", + "type": "library", + "bom-ref": "pkg:npm/sqlstring@2.3.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "nodemon", + "version": "3.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "f6a20dd8b353ac4ce938f05a5874e6e00b32d4bc572d289c9194ad010e0865eef3b282290ff03b2d6c61655dede19bb7e76b8172a56746c0d748c47649cde54c" + } + ], + "purl": "pkg:npm/nodemon@3.0.2", + "type": "library", + "bom-ref": "pkg:npm/nodemon@3.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "debug", + "version": "4.3.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" + } + ], + "purl": "pkg:npm/debug@4.3.4", + "type": "library", + "bom-ref": "pkg:npm/debug@4.3.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ms", + "version": 
"2.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "purl": "pkg:npm/ms@2.1.2", + "type": "library", + "bom-ref": "pkg:npm/ms@2.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "chokidar", + "version": "3.5.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ebdec7ca44fea84dc8dfd8999498525f79532f5c175e83107489543979bd95d74b852540804bc381c9975503255bf315cdcf71a38d3823f642d6b194ea13a93" + } + ], + "purl": "pkg:npm/chokidar@3.5.3", + "type": "library", + "bom-ref": "pkg:npm/chokidar@3.5.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "anymatch", + "version": "3.1.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" + } + ], + "purl": "pkg:npm/anymatch@3.1.3", + "type": "library", + "bom-ref": "pkg:npm/anymatch@3.1.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "normalize-path", + "version": "3.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9e66ce4bb375ad0a2b075a9f52d86532f1daa4a468b80554b3dc66aa884e9ecee6f4e75d844b3b57530501e82e8829b4246363e76ff983e166288c24707302c" + } + ], + "purl": "pkg:npm/normalize-path@3.0.0", + "type": "library", + "bom-ref": "pkg:npm/normalize-path@3.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study 
Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "picomatch", + "version": "2.3.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "254ded7874cd8e6136542185cee63c117cc20d5c04a81d9af1fb08bf0692b4784058911e55dd68d500fcd0253af997445d748b6d2b2e2f0263902056a9141454" + } + ], + "purl": "pkg:npm/picomatch@2.3.1", + "type": "library", + "bom-ref": "pkg:npm/picomatch@2.3.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "braces", + "version": "3.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fcba6f8bd51cccdd60d2cef866ea0233d727d36c1b7a61395c10a02fb26a82659170e3acfadba9558fd8f5c843d6df71f91fe94142964c3f593c97eefc1dad0" + } + ], + "purl": "pkg:npm/braces@3.0.2", + "type": "library", + "bom-ref": "pkg:npm/braces@3.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "fill-range", + "version": "7.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" + } + ], + "purl": "pkg:npm/fill-range@7.0.1", + "type": "library", + "bom-ref": "pkg:npm/fill-range@7.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "to-regex-range", + "version": "5.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" + } + ], + "purl": "pkg:npm/to-regex-range@5.0.1", + "type": "library", + "bom-ref": 
"pkg:npm/to-regex-range@5.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-number", + "version": "7.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" + } + ], + "purl": "pkg:npm/is-number@7.0.0", + "type": "library", + "bom-ref": "pkg:npm/is-number@7.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "glob-parent", + "version": "5.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "type": "library", + "bom-ref": "pkg:npm/glob-parent@5.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-glob", + "version": "4.0.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e9526b21c7dfa66013b6568658bba56df884d6cd97c3a3bf92959a4243e2105d0f7b61f137e4f6f61ab0b33e99758e6611648197f184b4a7af046be1e9524a" + } + ], + "purl": "pkg:npm/is-glob@4.0.3", + "type": "library", + "bom-ref": "pkg:npm/is-glob@4.0.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-extglob", + "version": "2.1.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" + } + ], + "purl": "pkg:npm/is-extglob@2.1.1", + "type": "library", + "bom-ref": "pkg:npm/is-extglob@2.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "is-binary-path", + "version": "2.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" + } + ], + "purl": "pkg:npm/is-binary-path@2.1.0", + "type": "library", + "bom-ref": "pkg:npm/is-binary-path@2.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "binary-extensions", + "version": "2.2.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "8c372d27f21541b6682729287876e15e93a5341a8635cc1724a268838d84e470cf53041349d8c21dd8a18e3d0396785e43b6e56d3e9d1ce69f340892f28a1028" + } + ], + "purl": "pkg:npm/binary-extensions@2.2.0", + "type": "library", + "bom-ref": "pkg:npm/binary-extensions@2.2.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "readdirp", + "version": "3.6.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" + } + ], + "purl": "pkg:npm/readdirp@3.6.0", + "type": "library", + "bom-ref": "pkg:npm/readdirp@3.6.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + 
"group": "", + "name": "fsevents", + "version": "2.3.3", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" + } + ], + "purl": "pkg:npm/fsevents@2.3.3", + "type": "library", + "bom-ref": "pkg:npm/fsevents@2.3.3", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "ignore-by-default", + "version": "1.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "22eb36558706364ed3f740a9a49a9c2244b9a281d46722102be0a565f31f30d14417d55213bdc5abef74eaefc25aef76c7883364c58ec1f1587243ce6f37446c" + } + ], + "purl": "pkg:npm/ignore-by-default@1.0.1", + "type": "library", + "bom-ref": "pkg:npm/ignore-by-default@1.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "minimatch", + "version": "3.1.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "type": "library", + "bom-ref": "pkg:npm/minimatch@3.1.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "brace-expansion", + "version": "1.1.11", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "type": "library", + "bom-ref": "pkg:npm/brace-expansion@1.1.11", + "properties": [ + { 
+ "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "balanced-match", + "version": "1.0.2", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" + } + ], + "purl": "pkg:npm/balanced-match@1.0.2", + "type": "library", + "bom-ref": "pkg:npm/balanced-match@1.0.2", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "concat-map", + "version": "0.0.1", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" + } + ], + "purl": "pkg:npm/concat-map@0.0.1", + "type": "library", + "bom-ref": "pkg:npm/concat-map@0.0.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "pstree.remy", + "version": "1.1.8", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "efb0d9c31426c4a9eedda479e3653e5fc172a4dcdb7c9f82e57403937b968d6c67eb5e75688306b615984574ea4f5139a09be0fa58da6b63898be55fbc2390f3" + } + ], + "purl": "pkg:npm/pstree.remy@1.1.8", + "type": "library", + "bom-ref": "pkg:npm/pstree.remy@1.1.8", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "semver", + "version": "7.5.4", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5b09211257a3effa2db51efa71a770f1fa9483f2520fb7cb958d1af1014b7f9dbb3061cfad2ba6366ed8942e3778f9f9ead793d7fa7a900c2ece7eded693070" + } + ], + "purl": 
"pkg:npm/semver@7.5.4", + "type": "library", + "bom-ref": "pkg:npm/semver@7.5.4", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "lru-cache", + "version": "6.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "268e9d274e029928eece7c09492de951e5a677f1f47df4e59175e0c198be7aad540a6a90c0287e78bb183980b063df758b615a878875044302c78a938466ec88" + } + ], + "purl": "pkg:npm/lru-cache@6.0.0", + "type": "library", + "bom-ref": "pkg:npm/lru-cache@6.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "yallist", + "version": "4.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "df074689d672ab93c1d3ce172c44b94e9392440df08d7025216321ba6da445cbffe354a7d9e990d1dc9c416e2e6572de8f02af83a12cbdb76554bf8560472dec" + } + ], + "purl": "pkg:npm/yallist@4.0.0", + "type": "library", + "bom-ref": "pkg:npm/yallist@4.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "simple-update-notifier", + "version": "2.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b607d6342a535797dbbfbec5bab1322ef6f184a5f2aedb0455ea5d47dd711ab3fd20508cc6cc1a0ffc8a2e4dc5106e6f495992c7dc23b1ca7d374d89456b1eb" + } + ], + "purl": "pkg:npm/simple-update-notifier@2.0.0", + "type": "library", + "bom-ref": "pkg:npm/simple-update-notifier@2.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "supports-color", + "version": "5.5.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": 
"423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "type": "library", + "bom-ref": "pkg:npm/supports-color@5.5.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "has-flag", + "version": "3.0.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "type": "library", + "bom-ref": "pkg:npm/has-flag@3.0.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "touch", + "version": "3.1.0", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "581c7c532e532ed39246d22af8cd37fec283ad708b1f1c0372ab923f6738dcb7b4dfff6c7ab8d0048ced8d1cfa16425ecfd0ff8657b20174c118bc30654c3d94" + } + ], + "purl": "pkg:npm/touch@3.1.0", + "type": "library", + "bom-ref": "pkg:npm/touch@3.1.0", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "nopt", + "version": "1.0.10", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "3569a9bcb4aa52b82b002f470aec44bdbf8f4a5a07a6a56ef85a9c3b879e176879a9846103b7afe8abde9724002ad7a051b0ba472a499e510e85df2f96834a62" + } + ], + "purl": "pkg:npm/nopt@1.0.10", + "type": "library", + "bom-ref": "pkg:npm/nopt@1.0.10", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "abbrev", + "version": "1.1.1", + 
"scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e77bdfc8890fe1cc8858ea97439db06dcfb0e33d32ab634d0fff3bcf4a6e69385925eb1b86ac69d79ff56d4cd35f36d01f67dff546d7a192ccd4f6a7138a2d1" + } + ], + "purl": "pkg:npm/abbrev@1.1.1", + "type": "library", + "bom-ref": "pkg:npm/abbrev@1.1.1", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + }, + { + "group": "", + "name": "undefsafe", + "version": "2.0.5", + "scope": "optional", + "hashes": [ + { + "alg": "SHA-512", + "content": "5b138d0abb2c04cf1348f46a379126b2356bb2fe00f17d7627802b06289acafdc3cb21b7665220eb2cacbae498759b15cf74ca7138367ddfff52377808757588" + } + ], + "purl": "pkg:npm/undefsafe@2.0.5", + "type": "library", + "bom-ref": "pkg:npm/undefsafe@2.0.5", + "properties": [ + { + "name": "SrcFile", + "value": "/home/gaurangi/Study Material/GUI/sbom-electron-gui/server/package-lock.json" + } + ] + } + ], + "services": [], + "dependencies": [ + { + "ref": "pkg:npm/object-assign@4.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/vary@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/cors@2.8.5", + "dependsOn": [ + "pkg:npm/object-assign@4.1.1", + "pkg:npm/vary@1.1.2" + ] + }, + { + "ref": "pkg:npm/mime-db@1.52.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mime-types@2.1.35", + "dependsOn": [ + "pkg:npm/mime-db@1.52.0" + ] + }, + { + "ref": "pkg:npm/negotiator@0.6.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/accepts@1.3.8", + "dependsOn": [ + "pkg:npm/mime-types@2.1.35", + "pkg:npm/negotiator@0.6.3" + ] + }, + { + "ref": "pkg:npm/array-flatten@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/bytes@3.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/content-type@1.0.5", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/debug@2.6.9", + "dependsOn": [ + "pkg:npm/ms@2.0.0" + ] + }, + { + "ref": "pkg:npm/depd@2.0.0", + "dependsOn": [] + }, + { + 
"ref": "pkg:npm/destroy@1.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/inherits@2.0.4", + "dependsOn": [] + }, + { + "ref": "pkg:npm/setprototypeof@1.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/statuses@2.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/toidentifier@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/http-errors@2.0.0", + "dependsOn": [ + "pkg:npm/depd@2.0.0", + "pkg:npm/inherits@2.0.4", + "pkg:npm/setprototypeof@1.2.0", + "pkg:npm/statuses@2.0.1", + "pkg:npm/toidentifier@1.0.1" + ] + }, + { + "ref": "pkg:npm/safer-buffer@2.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/iconv-lite@0.4.24", + "dependsOn": [ + "pkg:npm/safer-buffer@2.1.2" + ] + }, + { + "ref": "pkg:npm/ee-first@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/on-finished@2.4.1", + "dependsOn": [ + "pkg:npm/ee-first@1.1.1" + ] + }, + { + "ref": "pkg:npm/function-bind@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/has-proto@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/has-symbols@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/hasown@2.0.0", + "dependsOn": [ + "pkg:npm/function-bind@1.1.2" + ] + }, + { + "ref": "pkg:npm/get-intrinsic@1.2.2", + "dependsOn": [ + "pkg:npm/function-bind@1.1.2", + "pkg:npm/has-proto@1.0.1", + "pkg:npm/has-symbols@1.0.3", + "pkg:npm/hasown@2.0.0" + ] + }, + { + "ref": "pkg:npm/gopd@1.0.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2" + ] + }, + { + "ref": "pkg:npm/has-property-descriptors@1.0.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2" + ] + }, + { + "ref": "pkg:npm/define-data-property@1.1.1", + "dependsOn": [ + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/gopd@1.0.1", + "pkg:npm/has-property-descriptors@1.0.1" + ] + }, + { + "ref": "pkg:npm/set-function-length@1.1.1", + "dependsOn": [ + "pkg:npm/define-data-property@1.1.1", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/gopd@1.0.1", + "pkg:npm/has-property-descriptors@1.0.1" + ] + }, + { + "ref": "pkg:npm/call-bind@1.0.5", + "dependsOn": [ + 
"pkg:npm/function-bind@1.1.2", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/set-function-length@1.1.1" + ] + }, + { + "ref": "pkg:npm/object-inspect@1.13.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/side-channel@1.0.4", + "dependsOn": [ + "pkg:npm/call-bind@1.0.5", + "pkg:npm/get-intrinsic@1.2.2", + "pkg:npm/object-inspect@1.13.1" + ] + }, + { + "ref": "pkg:npm/qs@6.11.0", + "dependsOn": [ + "pkg:npm/side-channel@1.0.4" + ] + }, + { + "ref": "pkg:npm/unpipe@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/raw-body@2.5.1", + "dependsOn": [ + "pkg:npm/bytes@3.1.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/iconv-lite@0.4.24", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/media-typer@0.3.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/type-is@1.6.18", + "dependsOn": [ + "pkg:npm/media-typer@0.3.0", + "pkg:npm/mime-types@2.1.35" + ] + }, + { + "ref": "pkg:npm/body-parser@1.20.1", + "dependsOn": [ + "pkg:npm/bytes@3.1.2", + "pkg:npm/content-type@1.0.5", + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/destroy@1.2.0", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/iconv-lite@0.4.24", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/qs@6.11.0", + "pkg:npm/raw-body@2.5.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/safe-buffer@5.2.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/content-disposition@0.5.4", + "dependsOn": [ + "pkg:npm/safe-buffer@5.2.1" + ] + }, + { + "ref": "pkg:npm/cookie@0.5.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/cookie-signature@1.0.6", + "dependsOn": [] + }, + { + "ref": "pkg:npm/encodeurl@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/escape-html@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/etag@1.8.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/parseurl@1.3.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/finalhandler@1.2.0", + "dependsOn": [ + "pkg:npm/debug@2.6.9", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/on-finished@2.4.1", + 
"pkg:npm/parseurl@1.3.3", + "pkg:npm/statuses@2.0.1", + "pkg:npm/unpipe@1.0.0" + ] + }, + { + "ref": "pkg:npm/fresh@0.5.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/merge-descriptors@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/methods@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/path-to-regexp@0.1.7", + "dependsOn": [] + }, + { + "ref": "pkg:npm/forwarded@0.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ipaddr.js@1.9.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/proxy-addr@2.0.7", + "dependsOn": [ + "pkg:npm/forwarded@0.2.0", + "pkg:npm/ipaddr.js@1.9.1" + ] + }, + { + "ref": "pkg:npm/range-parser@1.2.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.1.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mime@1.6.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/send@0.18.0", + "dependsOn": [ + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/destroy@1.2.0", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/etag@1.8.1", + "pkg:npm/fresh@0.5.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/mime@1.6.0", + "pkg:npm/ms@2.1.3", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/range-parser@1.2.1", + "pkg:npm/statuses@2.0.1" + ] + }, + { + "ref": "pkg:npm/serve-static@1.15.0", + "dependsOn": [ + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/parseurl@1.3.3", + "pkg:npm/send@0.18.0" + ] + }, + { + "ref": "pkg:npm/utils-merge@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/express@4.18.2", + "dependsOn": [ + "pkg:npm/accepts@1.3.8", + "pkg:npm/array-flatten@1.1.1", + "pkg:npm/body-parser@1.20.1", + "pkg:npm/content-disposition@0.5.4", + "pkg:npm/content-type@1.0.5", + "pkg:npm/cookie-signature@1.0.6", + "pkg:npm/cookie@0.5.0", + "pkg:npm/debug@2.6.9", + "pkg:npm/depd@2.0.0", + "pkg:npm/encodeurl@1.0.2", + "pkg:npm/escape-html@1.0.3", + "pkg:npm/etag@1.8.1", + "pkg:npm/finalhandler@1.2.0", + "pkg:npm/fresh@0.5.2", + "pkg:npm/http-errors@2.0.0", + "pkg:npm/merge-descriptors@1.0.1", + 
"pkg:npm/methods@1.1.2", + "pkg:npm/on-finished@2.4.1", + "pkg:npm/parseurl@1.3.3", + "pkg:npm/path-to-regexp@0.1.7", + "pkg:npm/proxy-addr@2.0.7", + "pkg:npm/qs@6.11.0", + "pkg:npm/range-parser@1.2.1", + "pkg:npm/safe-buffer@5.2.1", + "pkg:npm/send@0.18.0", + "pkg:npm/serve-static@1.15.0", + "pkg:npm/setprototypeof@1.2.0", + "pkg:npm/statuses@2.0.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/utils-merge@1.0.1", + "pkg:npm/vary@1.1.2" + ] + }, + { + "ref": "pkg:npm/fs@0.0.1-security", + "dependsOn": [] + }, + { + "ref": "pkg:npm/append-field@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/streamsearch@1.1.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/busboy@1.6.0", + "dependsOn": [ + "pkg:npm/streamsearch@1.1.0" + ] + }, + { + "ref": "pkg:npm/buffer-from@1.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/safe-buffer@5.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/core-util-is@1.0.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/isarray@1.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/process-nextick-args@2.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/string_decoder@1.1.1", + "dependsOn": [ + "pkg:npm/safe-buffer@5.1.2" + ] + }, + { + "ref": "pkg:npm/util-deprecate@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/readable-stream@2.3.8", + "dependsOn": [ + "pkg:npm/core-util-is@1.0.3", + "pkg:npm/inherits@2.0.4", + "pkg:npm/isarray@1.0.0", + "pkg:npm/process-nextick-args@2.0.1", + "pkg:npm/safe-buffer@5.1.2", + "pkg:npm/string_decoder@1.1.1", + "pkg:npm/util-deprecate@1.0.2" + ] + }, + { + "ref": "pkg:npm/typedarray@0.0.6", + "dependsOn": [] + }, + { + "ref": "pkg:npm/concat-stream@1.6.2", + "dependsOn": [ + "pkg:npm/buffer-from@1.1.2", + "pkg:npm/inherits@2.0.4", + "pkg:npm/readable-stream@2.3.8", + "pkg:npm/typedarray@0.0.6" + ] + }, + { + "ref": "pkg:npm/minimist@1.2.8", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mkdirp@0.5.6", + "dependsOn": [ + "pkg:npm/minimist@1.2.8" + ] + }, + { + "ref": "pkg:npm/xtend@4.0.2", + "dependsOn": [] + 
}, + { + "ref": "pkg:npm/multer@1.4.5-lts.1", + "dependsOn": [ + "pkg:npm/append-field@1.0.0", + "pkg:npm/busboy@1.6.0", + "pkg:npm/concat-stream@1.6.2", + "pkg:npm/mkdirp@0.5.6", + "pkg:npm/object-assign@4.1.1", + "pkg:npm/type-is@1.6.18", + "pkg:npm/xtend@4.0.2" + ] + }, + { + "ref": "pkg:npm/readable-stream@2.3.7", + "dependsOn": [ + "pkg:npm/core-util-is@1.0.3", + "pkg:npm/inherits@2.0.4", + "pkg:npm/isarray@1.0.0", + "pkg:npm/process-nextick-args@2.0.1", + "pkg:npm/string_decoder@1.1.1", + "pkg:npm/util-deprecate@1.0.2" + ] + }, + { + "ref": "pkg:npm/bignumber.js@9.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/sqlstring@2.3.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/mysql@2.18.1", + "dependsOn": [ + "pkg:npm/bignumber.js@9.0.0", + "pkg:npm/readable-stream@2.3.7", + "pkg:npm/safe-buffer@5.1.2", + "pkg:npm/sqlstring@2.3.1" + ] + }, + { + "ref": "pkg:npm/debug@4.3.4", + "dependsOn": [] + }, + { + "ref": "pkg:npm/ms@2.1.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/normalize-path@3.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/picomatch@2.3.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/anymatch@3.1.3", + "dependsOn": [ + "pkg:npm/normalize-path@3.0.0", + "pkg:npm/picomatch@2.3.1" + ] + }, + { + "ref": "pkg:npm/is-number@7.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/to-regex-range@5.0.1", + "dependsOn": [ + "pkg:npm/is-number@7.0.0" + ] + }, + { + "ref": "pkg:npm/fill-range@7.0.1", + "dependsOn": [ + "pkg:npm/to-regex-range@5.0.1" + ] + }, + { + "ref": "pkg:npm/braces@3.0.2", + "dependsOn": [ + "pkg:npm/fill-range@7.0.1" + ] + }, + { + "ref": "pkg:npm/is-extglob@2.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/is-glob@4.0.3", + "dependsOn": [ + "pkg:npm/is-extglob@2.1.1" + ] + }, + { + "ref": "pkg:npm/glob-parent@5.1.2", + "dependsOn": [ + "pkg:npm/is-glob@4.0.3" + ] + }, + { + "ref": "pkg:npm/binary-extensions@2.2.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/is-binary-path@2.1.0", + "dependsOn": [ + 
"pkg:npm/binary-extensions@2.2.0" + ] + }, + { + "ref": "pkg:npm/readdirp@3.6.0", + "dependsOn": [ + "pkg:npm/picomatch@2.3.1" + ] + }, + { + "ref": "pkg:npm/fsevents@2.3.3", + "dependsOn": [] + }, + { + "ref": "pkg:npm/chokidar@3.5.3", + "dependsOn": [ + "pkg:npm/anymatch@3.1.3", + "pkg:npm/braces@3.0.2", + "pkg:npm/fsevents@2.3.3", + "pkg:npm/glob-parent@5.1.2", + "pkg:npm/is-binary-path@2.1.0", + "pkg:npm/is-glob@4.0.3", + "pkg:npm/normalize-path@3.0.0", + "pkg:npm/readdirp@3.6.0" + ] + }, + { + "ref": "pkg:npm/ignore-by-default@1.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/balanced-match@1.0.2", + "dependsOn": [] + }, + { + "ref": "pkg:npm/concat-map@0.0.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/brace-expansion@1.1.11", + "dependsOn": [ + "pkg:npm/balanced-match@1.0.2", + "pkg:npm/concat-map@0.0.1" + ] + }, + { + "ref": "pkg:npm/minimatch@3.1.2", + "dependsOn": [ + "pkg:npm/brace-expansion@1.1.11" + ] + }, + { + "ref": "pkg:npm/pstree.remy@1.1.8", + "dependsOn": [] + }, + { + "ref": "pkg:npm/yallist@4.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/lru-cache@6.0.0", + "dependsOn": [ + "pkg:npm/yallist@4.0.0" + ] + }, + { + "ref": "pkg:npm/semver@7.5.4", + "dependsOn": [ + "pkg:npm/lru-cache@6.0.0" + ] + }, + { + "ref": "pkg:npm/simple-update-notifier@2.0.0", + "dependsOn": [ + "pkg:npm/semver@7.5.4" + ] + }, + { + "ref": "pkg:npm/has-flag@3.0.0", + "dependsOn": [] + }, + { + "ref": "pkg:npm/supports-color@5.5.0", + "dependsOn": [ + "pkg:npm/has-flag@3.0.0" + ] + }, + { + "ref": "pkg:npm/abbrev@1.1.1", + "dependsOn": [] + }, + { + "ref": "pkg:npm/nopt@1.0.10", + "dependsOn": [ + "pkg:npm/abbrev@1.1.1" + ] + }, + { + "ref": "pkg:npm/touch@3.1.0", + "dependsOn": [ + "pkg:npm/nopt@1.0.10" + ] + }, + { + "ref": "pkg:npm/undefsafe@2.0.5", + "dependsOn": [] + }, + { + "ref": "pkg:npm/nodemon@3.0.2", + "dependsOn": [ + "pkg:npm/chokidar@3.5.3", + "pkg:npm/debug@4.3.4", + "pkg:npm/ignore-by-default@1.0.1", + "pkg:npm/minimatch@3.1.2", + 
"pkg:npm/ms@2.1.2", + "pkg:npm/pstree.remy@1.1.8", + "pkg:npm/semver@7.5.4", + "pkg:npm/simple-update-notifier@2.0.0", + "pkg:npm/supports-color@5.5.0", + "pkg:npm/touch@3.1.0", + "pkg:npm/undefsafe@2.0.5" + ] + }, + { + "ref": "pkg:npm/server@1.0.0", + "dependsOn": [ + "pkg:npm/cors@2.8.5", + "pkg:npm/express@4.18.2", + "pkg:npm/fs@0.0.1-security", + "pkg:npm/multer@1.4.5-lts.1", + "pkg:npm/mysql@2.18.1", + "pkg:npm/nodemon@3.0.2" + ] + } + ], + "vulnerabilities": [ + { + "bom-ref": "CVE-2014-2432/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2432", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2432" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2617/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2617", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2617" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown 
vectors related to Partition.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2620/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2620", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2620" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2435/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2435", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2435" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle 
MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2436/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2436", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2436" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4207/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4207", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4207" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6559/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6559", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6559" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4830/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4830", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-4830" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4833/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4833", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4833" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2015-4836/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4836", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4836" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0204/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0204", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0204" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue.\tNOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", 
\"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2021-2478/pkg:npm/mysql@2.18.1", + "id": "CVE-2021-2478", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-2478" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.30).\n\nSecurity Fix(es):\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607, CVE-2022-21301, CVE-2022-21413)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2021-2481, CVE-2021-35575, CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21253, CVE-2022-21254, CVE-2022-21264, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342, CVE-2022-21351, CVE-2022-21370, CVE-2022-21378, CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479, CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21569, 
CVE-2022-21265)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2021-35546, CVE-2022-21344, CVE-2022-21415)\n\n* mysql: Server: Error Handling unspecified vulnerability (CVE-2021-35596)\n\n* mysql: C API unspecified vulnerability (CVE-2021-35597)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2021-35602, CVE-2021-35630, CVE-2022-21515)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2021-35604, CVE-2022-21302, CVE-2022-21348, CVE-2022-21352, CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21517, CVE-2022-21537, CVE-2022-21539, CVE-2022-21423)\n\n* mysql: Server: Group Replication Plugin multiple unspecified vulnerabilities (CVE-2021-35608, CVE-2022-21256, CVE-2022-21379, CVE-2022-21454)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2021-35622, CVE-2022-21358, CVE-2022-21372, CVE-2022-21538)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2021-35624, CVE-2022-21245, CVE-2021-35625)\n\n* mysql: Server: GIS unspecified vulnerability (CVE-2021-35631)\n\n* mysql: Server: Data Dictionary unspecified vulnerability (CVE-2021-35632)\n\n* mysql: Server: PS unspecified vulnerability (CVE-2021-35637)\n\n* mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CVE-2021-35639, CVE-2022-21303, CVE-2022-21522, CVE-2022-21534)\n\n* mysql: Server: FTS multiple unspecified vulnerabilities (CVE-2021-35648, CVE-2022-21427)\n\n* mysql: Server: Federated multiple unspecified vulnerabilities (CVE-2022-21270, CVE-2022-21547)\n\n* mysql: Server: Parser unspecified vulnerability (CVE-2022-21304)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2022-21362, CVE-2022-21374)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2022-21367)\n\n* mysql: Server: Components Services unspecified vulnerability (CVE-2022-21368)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2022-21425, 
CVE-2022-21444, CVE-2021-35640, CVE-2022-21249)\n\n* mysql: Server: PAM Auth Plugin unspecified vulnerability (CVE-2022-21457)\n\n* mysql: Server: Logging multiple unspecified vulnerabilities (CVE-2022-21460, CVE-2021-35633)\n\n* mysql: Server: Security: Roles unspecified vulnerability (CVE-2021-35623)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Rebuild mecab due to change in the suffix (from .el8 to .el8.0.0) [Rocky Linux-8] (BZ#2110940)", + "recommendation": "Update to 8.0.30 or later", + "advisories": [ + { + "title": "vendor", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122604" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "8.0.30", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10268/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10268", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10268" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10378/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10378", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10378" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2566/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2566", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2566" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2021-35065/pkg:npm/glob-parent@5.1.2", + "id": "CVE-2021-35065", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The glob-parent package before 6.0.1 for Node.js allows 
ReDoS regular ...\nNOTE: https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339 (v6.0.1)\nNOTE: https://github.com/gulpjs/glob-parent/pull/49", + "recommendation": "Update to 6.0.2+~5.1.1-1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/chokidar@3.5.3\", \"pkg:npm/glob-parent@5.1.2\"]" + }, + "affects": [ + { + "ref": "pkg:npm/glob-parent@5.1.2", + "versions": [ + { + "version": "5.1.2", + "status": "affected" + }, + { + "version": "6.0.2+~5.1.1-1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Indirect dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4858/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4858", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4858" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4861/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4861", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-4861" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4240/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4240", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4240" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2014-0431/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0431", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0431" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0433/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0433", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0433" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6496/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6496", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6496" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6478/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6478", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6478" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": 
"affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6484/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6484", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6484" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2434/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2434", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2434" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + 
"versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3244/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3244", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3244" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3258/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3258", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3258" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3265/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3265", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3265" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6491/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6491", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6491" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3641/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3641" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": 
"CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3648/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3648" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2440/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2440" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0427/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0427", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0427" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" 
+ } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4000/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4000", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4000" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": 
"false" + } + ] + }, + { + "bom-ref": "CVE-2015-0505/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0505" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0506/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0506", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0506" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2023-49803/pkg:npm/cors@2.8.5", + "id": "CVE-2023-49803", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49803" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "# Overly permissive origin policy\nCurrently, the middleware operates in a way that if an allowed origin is not provided, it will return an `Access-Control-Allow-Origin` header with the value of the origin from the request. This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy (SOP), this could cause a very serious security threat to the users of this middleware.\n\nIf such behavior is expected, for instance, when middleware is used exclusively for prototypes and not for production applications, it should be heavily emphasized in the documentation along with an indication of the risks associated with such behavior, as many users may not be aware of it.", + "recommendation": "Update to 5.0.0 or later", + "advisories": [ + { + "title": "GitHub Advisory", + "url": "https://github.com/advisories/GHSA-qxrj-hx23-xp82" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/cors@2.8.5\"]" + }, + "affects": [ + { + "ref": "pkg:npm/cors@2.8.5", + "versions": [ + { + "version": "2.8.5", + "status": "affected" + }, + { + "version": "5.0.0", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3291/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3291", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3291" + }, + "ratings": [ + { + "score": 7.5, + "severity": 
"high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3312/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3312", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3312" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0433/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0433", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0433" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0224/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0224", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0224" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2451/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2451", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2451" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6505/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6505" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6507/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6507", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6507" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + 
"status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-7744/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-7744", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7744" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0502/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0502", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0502" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": 
"Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3071/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3071", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3071" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3725-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5908/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5908", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5908" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0001/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0001", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0001" + }, + "ratings": [ + { + 
"score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2438/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2438", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2438" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0508/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2015-0508", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0508" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2582/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2582", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2582" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2611/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2611", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2611" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3477/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3477", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3477" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + 
"version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3521/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3521", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3521" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0642/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0642", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0642" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0643/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0643", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0643" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-4316/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-4316", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4316" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.", + "recommendation": "Update to 5.5.39-0.7.1 
or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-3152/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-3152", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3152" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a \"BACKRONYM\" attack.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4737/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4737", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4737" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 
Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2573/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2573", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2573" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-1861/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-1861", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1861" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3783/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3783", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3783" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6551/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6551", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6551" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6555/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6555", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6555" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, 
+ { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5483/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5483", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5483" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "** REJECT **\tDO NOT USE THIS CANDIDATE NUMBER.\tConsultIDs: CVE-2017-3600.\tReason: This candidate is a reservation duplicate of CVE-2017-3600.\tNotes: All CVE users should reference CVE-2017-3600 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3302/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3302", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3302" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": 
"in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0409/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0409", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0409" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0401/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0401", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0401" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.", + 
"recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0438/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0438", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0438" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0439/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0439", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0439" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect 
availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0505/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0505", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0505" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0546/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0546", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0546" + }, + "ratings": [ + { + "score": 
5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client.\tNOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5615/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5615", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5615" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + 
"affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2023-21977/pkg:npm/mysql@2.18.1", + "id": "CVE-2023-21977", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21977" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://www.oracle.com/security-alerts/cpuapr2023.html" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0499/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0499", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0499" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0500/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0500", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0500" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3061/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3061", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3061" + }, + "ratings": [ + { + "score": 4.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3725-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4752/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4752", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4752" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4756/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4756", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4756" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0439.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3801/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3801", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3801" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0596/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0596", + "source": { 
+ "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0596" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0597/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0597", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0597" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + 
{ + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0598/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0598", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0598" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6530/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6530", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6530" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + 
"ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0381/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0381", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0381" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3809/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3809", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3809" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + 
"advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4274/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4274", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4274" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6564/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6564", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6564" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors 
related to SERVER:INNODB FULLTEXT SEARCH DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3811/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3811", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3811" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3812/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3812", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3812" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": 
"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0650/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0650", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0650" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0651/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0651", + "source": { + 
"name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0651" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4233/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4233", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4233" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4238/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2014-4238", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4238" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2576/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2576", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2576" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", 
+ "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4730/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4730", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4730" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4766/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4766", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4766" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct 
dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4792/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4792", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4792" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0430/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0430", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0430" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": 
"affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0640/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0640", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0640" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0641/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0641" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + 
"advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6568/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6568", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6568" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-8275/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-8275", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8275" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote 
attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0608/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0608", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0608" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0609/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2016-0609", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0609" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6469/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6469", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6469" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": 
"depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3795/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3795", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3795" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3796/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3796", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3796" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": 
"affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5611/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5611", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5611" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5612/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5612", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5612" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and 
possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2012-5613/pkg:npm/mysql@2.18.1", + "id": "CVE-2012-5613", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5613" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. 
NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.", + "recommendation": "Update to 5.0.96-0.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.0.96-0.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0666/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0666", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0666" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-2047/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-2047", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2047" + }, + "ratings": [ + { + "score": 7.5, + 
"severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"/CN=\" string in a field in a certificate, as demonstrated by \"/OU=/CN=bar.com/CN=foo.com.\"", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4895/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4895", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4895" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + 
"version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4904/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4904", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4904" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4905/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4905", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4905" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + 
"version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-18589/pkg:npm/cookie@0.5.0", + "id": "CVE-2017-18589", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18589" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [ + 20 + ], + "description": "# Improper Input Validation in cookie\nAffected versions of this crate use the time crate and the method Duration::seconds to parse the Max-Age duration cookie setting. This method will panic if the value is greater than 2^64/1000 and less than or equal to 2^64, which can result in denial of service for a client or server.\n\nThis flaw was corrected by explicitly checking for the Max-Age being in this integer range and clamping the value to the maximum duration value.\n\n## Related CVE(s)\nCVE-2017-18589, RUSTSEC-2017-0005", + "recommendation": "Update to 0.7.6 or later", + "advisories": [ + { + "title": "GitHub PR", + "url": "https://github.com/SergioBenitez/cookie-rs/pull/86" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/express@4.18.2\", \"pkg:npm/cookie@0.5.0\"]" + }, + "affects": [ + { + "ref": "pkg:npm/cookie@0.5.0", + "versions": [ + { + "version": "0.5.0", + "status": "affected" + }, + { + "version": "0.7.6", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Indirect dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5891/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5891", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5891" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + 
"method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5881/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5881", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5881" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5882/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2013-5882", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5882" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3793/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3793", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3793" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct 
dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6520/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6520", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6520" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2648/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2648" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ 
+ { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2661/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2661", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2661" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3462/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3462", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3462" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3463/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3463", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3463" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2020-14672/pkg:npm/mysql@2.18.1", + "id": "CVE-2020-14672", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14672" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\nThe following packages have been upgraded to a later upstream version: mysql (8.0.26). 
(BZ#1996693)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "recommendation": "Update to 8.0.26 or later", + "advisories": [ + { + "title": "vendor", + "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35629.json" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "8.0.26", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4214/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4214", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4214" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0286/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2015-0286", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0286" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0288/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0288", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0288" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { 
+ "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0644/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0644", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0644" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0646/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0646", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0646" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.", + 
"recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10379/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10379", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10379" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-10384/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-10384", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10384" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.58-0.39.6.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.58-0.39.6.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3569/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3569", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3569" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.\tNOTE: this issue became relevant after the CVE-2014-3568 fix.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3653/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2017-3653", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3653" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4879/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4879", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4879" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": 
"in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4890/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4890", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4890" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3651/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3651", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3651" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3652/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3652", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3652" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3807/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3807", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3807" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3808/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3808", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3808" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified 
vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6489/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6489", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6489" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3305/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3305", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3305" + }, + "ratings": [ + { 
+ "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, \"The Riddle\".", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3308/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3308", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3308" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). 
Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3238/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3238", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3238" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 6.5 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3243/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3243", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3243" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 4.4 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3318/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3318", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3318" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. 
CVSS v3.0 Base Score 4.0 (Confidentiality impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2567/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2567", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2567" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2442/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2442", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2442" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 
Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2444/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2444", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2444" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4862/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4862", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4862" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + 
"cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4864/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4864", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4864" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4910/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4910", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4910" + }, + "ratings": 
[ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4913/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4913", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4913" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0600/pkg:npm/mysql@2.18.1", + 
"id": "CVE-2016-0600", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0600" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0606/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0606", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0606" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + 
"status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3453/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3453", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3453" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3456/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3456", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3456" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3461/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3461", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3461" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3309/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3309", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3309" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3329/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3329", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3329" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5894/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5894", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5894" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0511/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0511", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0511" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle 
MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2305/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2305", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2305" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6494/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6494", + "source": { + "name": "NVD", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2014-6494" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6495/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6495", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6495" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + 
}, + { + "bom-ref": "CVE-2014-2484/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2484", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2484" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2494/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2494", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2494" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", 
+ "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3806/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3806", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3806" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0441/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0441", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0441" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": 
"2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3794/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3794", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3794" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4769/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4769", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4769" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": 
"Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4771/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4771", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4771" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0437/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0437", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0437" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": 
"Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0206/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0206", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0206" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0374/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0374", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0374" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability 
in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0405/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0405", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0405" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4287/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4287", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4287" + }, + "ratings": [ + { + "score": 5.0, + 
"severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0501/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0501", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0501" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3464/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3464", + "source": { + 
"name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3464" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3600/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3600", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3600" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", + "recommendation": "Update to 5.5.55-0.38.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.55-0.38.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2568/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2568", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2568" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2571/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2571", + "source": { + "name": 
"NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2571" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4800/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4800", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4800" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + 
"bom-ref": "CVE-2015-4802/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4802", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4802" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-0735/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-0735", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735" + }, + "ratings": [ + { + "score": 5.9, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [ + 327 + ], + "description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", + "recommendation": "", + "advisories": [ + { + "title": "Mailing List", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" + }, + { + "title": "vendor", + "url": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "title": "Debian Security", + "url": "https://www.debian.org/security/2018/dsa-4348" + }, + { + "title": "Ubuntu Security", + "url": "https://usn.ubuntu.com/3840-1/" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0503/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0503", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0503" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": 
"CVE-2015-0498/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0498", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0498" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0205/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0205", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0205" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + 
"version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2450/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2450", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2450" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0386/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0386", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0386" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: 
[\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0393/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0393", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0393" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2011-2262/pkg:npm/mysql@2.18.1", + "id": "CVE-2011-2262", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2262" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Package updates are available for Amazon Linux that fix the following vulnerabilities:\nCVE-2012-0492:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote 
authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783817: \nCVE-2012-0492 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0490:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783815: \nCVE-2012-0490 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0485:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783809: \nCVE-2012-0485 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0484:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783808: \nCVE-2012-0484 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality\n\nCVE-2012-0120:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783807: \nCVE-2012-0120 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0119:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783806: \nCVE-2012-0119 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0118:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783805: \nCVE-2012-0118 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability\n\nCVE-2012-0116:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783803: \nCVE-2012-0116 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and integrity\n\nCVE-2012-0115:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783802: \nCVE-2012-0115 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0114:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783801: \nCVE-2012-0114 mysql: Unspecified vulnerability allows local users to affect confidentiality and integrity\n\nCVE-2012-0113:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783800: \nCVE-2012-0113 mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability\n\nCVE-2012-0112:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783799: \nCVE-2012-0112 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0101:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783797: \nCVE-2012-0101 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0087:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n783795: \nCVE-2012-0087 mysql: Unspecified vulnerability allows remote authenticated users to affect availability\n\nCVE-2012-0075:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n\nCVE-2011-2262:\n\tUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.\nThis update fixes several vulnerabilities in the MySQL database server. 
Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.", + "recommendation": "Update to 5.1.61 or later", + "advisories": [ + { + "title": "vendor", + "url": "https://rhn.redhat.com/errata/RHSA-2012:0105.html" + } + ], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.1.61", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency\\nVendor Confirmed" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3571/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3571", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3571" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": 
"depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3572/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3572", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3572" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0384/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0384", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0384" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + 
}, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2639/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2639", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2639" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2641/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2641", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2641" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": 
"pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-2643/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-2643", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2643" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3635/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3635", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3635" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html,\thttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and\thttps://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3636/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3636", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3636" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", + "recommendation": "Update to 5.5.57-0.39.3.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.57-0.39.3.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-1789/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-1789", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1789" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { 
+ "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-1793/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-1793", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1793" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6474/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6474", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6474" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.", + "recommendation": 
"Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0385/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0385", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0385" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0391/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0391", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0391" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect 
availability via vectors related to DDL.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-3570/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-3570", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3570" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0507/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0507", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0507" + }, + 
"ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5584/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5584", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5584" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-6662/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2016-6662", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6662" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6500/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6500", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6500" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a 
different vulnerability than CVE-2014-6491.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3313/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3313", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3313" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. 
CVSS v3.0 Base Score 4.7 (Confidentiality impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2017-3317/pkg:npm/mysql@2.18.1", + "id": "CVE-2017-3317", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3317" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 4.0 (Availability impacts).", + "recommendation": "Update to 5.5.54-0.35.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.54-0.35.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3805/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3805", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3805" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-3615/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-3615", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3615" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability 
in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-5440/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-5440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5440" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.", + "recommendation": "Update to 5.5.52-0.27.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.52-0.27.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-9843/pkg:npm/mysql@2.18.1", + 
"id": "CVE-2016-9843", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9843" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", + "recommendation": "Update to 5.5.62-0.39.18.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.62-0.39.18.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2018-3133/pkg:npm/mysql@2.18.1", + "id": "CVE-2018-3133", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3133" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "recommendation": "Update to 5.5.62-0.39.18.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.62-0.39.18.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0402/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0402", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0402" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0382/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0382", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0382" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + 
"description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0412/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0412", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0412" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-0420/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-0420", + "source": { + 
"name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0420" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4258/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4258", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4258" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, 
+ { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-4260/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4260", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4260" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4772/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4772", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4772" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": 
"unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-5860/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-5860", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5860" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2430/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2430", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2430" + }, + "ratings": [ + { + "score": 2.0, + "severity": "low", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + 
"version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2431/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2431", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2431" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-7440/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-7440", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7440" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.", + "recommendation": "Update to 5.5.53-0.30.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", 
\"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.53-0.30.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0411/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0411", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0411" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0423/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0423", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0423" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + 
"advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4819/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4819", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4819" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4826/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4826", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4826" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to 
affect confidentiality via unknown vectors related to Server : Types.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-2419/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-2419", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2419" + }, + "ratings": [ + { + "score": 9.0, + "severity": "critical", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-0432/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-0432", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0432" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified 
vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6463/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6463", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6463" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2014-6464/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-6464", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6464" + }, + "ratings": [ + 
{ + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3810/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3810", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3810" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4815/pkg:npm/mysql@2.18.1", + "id": 
"CVE-2015-4815", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4815" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4816/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4816", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4816" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" 
+ } + ] + }, + { + "bom-ref": "CVE-2014-4243/pkg:npm/mysql@2.18.1", + "id": "CVE-2014-4243", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4243" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4757/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4757", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4757" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + 
"name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4761/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4761", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4761" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4767/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4767", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4767" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.", + "recommendation": "Update to 5.5.45-0.11.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + 
"status": "affected" + }, + { + "version": "5.5.45-0.11.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3802/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3802", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3802" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3804/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3804", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3804" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": 
"in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0616/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0616", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0616" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.", + "recommendation": "Update to 5.5.47-0.17.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.47-0.17.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2013-3798/pkg:npm/mysql@2.18.1", + "id": "CVE-2013-3798", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3798" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability 
via unknown vectors related to MemCached.", + "recommendation": "Update to 5.5.39-0.7.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.39-0.7.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4866/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4866", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4866" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2015-4870/pkg:npm/mysql@2.18.1", + "id": "CVE-2015-4870", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4870" + }, + "ratings": [ + { + "score": 5.0, + "severity": "medium", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, 
and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.", + "recommendation": "Update to 5.5.46-0.14.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.46-0.14.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0647/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0647", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0647" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0648/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0648", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0648" + }, + "ratings": [ + { + 
"score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": "false" + } + ] + }, + { + "bom-ref": "CVE-2016-0649/pkg:npm/mysql@2.18.1", + "id": "CVE-2016-0649", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0649" + }, + "ratings": [ + { + "score": 7.5, + "severity": "high", + "method": "CVSSv31" + } + ], + "cwes": [], + "description": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.", + "recommendation": "Update to 5.5.49-0.20.1 or later", + "advisories": [], + "analysis": { + "state": "in_triage", + "detail": "Dependency Tree: [\"pkg:npm/server@1.0.0\", \"pkg:npm/mysql@2.18.1\"]" + }, + "affects": [ + { + "ref": "pkg:npm/mysql@2.18.1", + "versions": [ + { + "version": "2.18.1", + "status": "affected" + }, + { + "version": "5.5.49-0.20.1", + "status": "unaffected" + } + ] + } + ], + "properties": [ + { + "name": "depscan:insights", + "value": "Direct dependency" + }, + { + "name": "depscan:prioritized", + "value": 
"false" + } + ] + } + ] +} \ No newline at end of file diff --git a/server/reports/sbom-universal.json b/server/reports/sbom-universal.json index 91097f181..90e53d646 100644 --- a/server/reports/sbom-universal.json +++ b/server/reports/sbom-universal.json @@ -1,10 +1,10 @@ { "bomFormat": "CycloneDX", "specVersion": "1.5", - "serialNumber": "urn:uuid:c6abb02b-6432-4a7c-ac5a-7ea9f7ac6948", + "serialNumber": "urn:uuid:71ac8af0-4401-4b7e-a395-a1f2d08c6f1c", "version": 1, "metadata": { - "timestamp": "2023-12-20T08:39:06.618Z", + "timestamp": "2023-12-20T09:26:43.428Z", "tools": { "components": [ {