dotCMS 5.1.1 Vulnerable Dependencies

  1. 3 months ago

    h121.png

    dotCMS version 5.1.1 suffers from cross site scripting and various other vulnerabilities due to various open source dependencies.

    MD5 | 9e53ca2a35a92379f55b21ad389e087c

    Download => dotcms511-dependencies.txt

    Hello,
    
    I identified several vulnerabilities in dotCMS v5.1.1 due to vulnerable
    open source dependencies.
    
    Full security write up:
    http://secureli.com/dotcms-v5-1-1-vulnerable-open-source-dependencies/
    
    The details:
    
    ----
    
      /ROOT/html/js/scriptaculous/prototype.js
    
    ↳ prototypejs 1.5.0
    prototypejs 1.5.0 has known vulnerabilities: severity: high; CVE:
    CVE-2008-7220; http://www.cvedetails.com/cve/CVE-2008-7220/
    http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/
    
    ROOT/assets/3/6/36c22c5d-c813-4869-a4b7-fcc10a74e8b6/fileAsset/jquery.min.js
    
    ↳ jquery 1.9.1
    jquery 1.9.1 has known vulnerabilities: severity: medium; issue: 2432,
    summary: 3rd party CORS request may execute, CVE: CVE-2015-9251;
    https://github.com/jquery/jquery/issues/2432
    http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
    https://nvd.nist.gov/vuln/detail/CVE-2015-9251
    http://research.insecurelabs.org/jquery/test/ severity: medium; CVE:
    CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in
    event handlers; https://bugs.jquery.com/ticket/11974
    https://nvd.nist.gov/vuln/detail/CVE-2015-9251
    http://research.insecurelabs.org/jquery/test/ severity: low; CVE:
    CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal,
    Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …)
    because of Object.prototype pollution;
    https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
    https://nvd.nist.gov/vuln/detail/CVE-2019-11358
    https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
    
    ROOT/assets/5/1/515cba4e-ac64-4523-b683-8e38329e7f46/fileAsset/bootstrap.min.js
    ↳ bootstrap 3.2.0
    bootstrap 3.2.0 has known vulnerabilities: severity: high; issue: 28236,
    summary: XSS in data-template, data-content and data-title properties of
    tooltip/popover, CVE: CVE-2019-8331;
    https://github.com/twbs/bootstrap/issues/28236 severity: medium; issue:
    20184, summary: XSS in data-target property of scrollspy, CVE:
    CVE-2018-14041; https://github.com/twbs/bootstrap/issues/20184 severity:
    medium; issue: 20184, summary: XSS in collapse data-parent attribute,
    CVE: CVE-2018-14040; https://github.com/twbs/bootstrap/issues/20184
    severity: medium; issue: 20184, summary: XSS in data-container property
    of tooltip, CVE: CVE-2018-14042;
    https://github.com/twbs/bootstrap/issues/20184
    
    ROOT/assets/9/9/99c7ffe7-e1c2-407f-85b7-ec483dbcf6f1/fileAsset/jquery.min.js
    ↳ jquery 3.3.1
    jquery 3.3.1 has known vulnerabilities: severity: low; CVE:
    CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal,
    Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …)
    because of Object.prototype pollution;
    https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
    https://nvd.nist.gov/vuln/detail/CVE-2019-11358
    https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
    
    ROOT/assets/f/6/f6fa6b13-3a96-4cbf-9a75-19a40137f05a/fileAsset/jquery.min.js
    
    ↳ jquery 1.9.1
    jquery 1.9.1 has known vulnerabilities: severity: medium; issue: 2432,
    summary: 3rd party CORS request may execute, CVE: CVE-2015-9251;
    https://github.com/jquery/jquery/issues/2432
    http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
    https://nvd.nist.gov/vuln/detail/CVE-2015-9251
    http://research.insecurelabs.org/jquery/test/ severity: medium; CVE:
    CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in
    event handlers; https://bugs.jquery.com/ticket/11974
    https://nvd.nist.gov/vuln/detail/CVE-2015-9251
    http://research.insecurelabs.org/jquery/test/ severity: low; CVE:
    CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal,
    Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …)
    because of Object.prototype pollution;
    https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
    https://nvd.nist.gov/vuln/detail/CVE-2019-11358
    https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
    
    ROOT/assets/4/a/4a5a727f-369b-49e0-bff5-42d9efb4ba90/fileAsset/jquery-2.1.1.min.js
    
    ↳ jquery 2.1.1.min
    jquery 2.1.1.min has known vulnerabilities: severity: medium; issue:
    2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251;
    https://github.com/jquery/jquery/issues/2432
    http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
    https://nvd.nist.gov/vuln/detail/CVE-2015-9251
    http://research.insecurelabs.org/jquery/test/ severity: medium; CVE:
    CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in
    event handlers; https://bugs.jquery.com/ticket/11974
    https://nvd.nist.gov/vuln/detail/CVE-2015-9251
    http://research.insecurelabs.org/jquery/test/ severity: low; CVE:
    CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal,
    Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …)
    because of Object.prototype pollution;
    https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
    https://nvd.nist.gov/vuln/detail/CVE-2019-11358
    https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
    
    ROOT/html/js/dojo/custom-build/dojo/dojo.js
    
    ↳ dojo 1.8.6
    dojo 1.8.6 has known vulnerabilities: severity: medium; PR: 307;
    https://github.com/dojo/dojo/pull/307
    https://dojotoolkit.org/blog/dojo-1-14-released
    
    ROOT/html/js/tinymce/js/tinymce/tinymce.min.js
    
    ↳ tinyMCE 4.1.6
    tinyMCE 4.1.6 has known vulnerabilities: severity: medium; summary: xss
    issues with media plugin not properly filtering out some script
    attributes.; https://www.tinymce.com/docs/changelog/ severity: medium;
    summary: FIXED so script elements gets removed by default to prevent
    possible XSS issues in default config implementations;
    https://www.tinymce.com/docs/changelog/ severity: medium; summary: FIXED
    so links with xlink:href attributes are filtered correctly to prevent
    XSS.; https://www.tinymce.com/docs/changelog/
 

or Sign Up to reply!