Several CVE vulnerabilities in JsPolicy 0.2.2

As part of our image scanning we found that the latest JsPolicy (0.2.2) has several unaddressed CVEs

CVE ID: CVE-2023-26604,CVE-2023-50387
Vulnerabilities in libudev1

CVE-2023-42282 ([MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42282) [NIST](https://nvd.nist.gov/vuln/detail/CVE-2023-42282)) Server-Side Request Forgery (SSRF) Vulnerability in ip 2.0.0
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.

CVE-2022-37434 ([MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434) [NIST](https://nvd.nist.gov/vuln/detail/CVE-2022-37434)) Out-of-bounds Write Vulnerability in zlib 1.2.11

CVE-2023-45853 ([MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45853) [NIST](https://nvd.nist.gov/vuln/detail/CVE-2023-45853)) Integer Overflow or Wraparound Vulnerability in zlib 1.2.11

CVE-2021-4279 ([MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4279) [NIST](https://nvd.nist.gov/vuln/detail/CVE-2021-4279)) Vulnerability in jsonpatch 2.2.0

CVE-2023-28154 ([MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28154) [NIST](https://nvd.nist.gov/vuln/detail/CVE-2023-28154)) Vulnerability in webpack 5.75.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Several CVE vulnerabilities in JsPolicy 0.2.2 #130

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Several CVE vulnerabilities in JsPolicy 0.2.2 #130

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions