Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerabilities in the ClearURLS extension #397

Open
Jeyso215 opened this issue Dec 24, 2024 · 0 comments
Open

Vulnerabilities in the ClearURLS extension #397

Jeyso215 opened this issue Dec 24, 2024 · 0 comments

Comments

@Jeyso215
Copy link

/external_js/bootstrap.min.js
Bootstrap Cross-Site Scripting (XSS) vulnerability (CVE-2024-6531)
GHSA-vc8w-jr9v-vj7f
https://nvd.nist.gov/vuln/detail/CVE-2024-6531
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6531.yml
https://github.com/twbs/bootstrap
https://www.herodevs.com/vulnerability-directory/cve-2024-6531

/external_js/datatables.min.js
datatables.net vulnerable to Prototype Pollution due to incomplete fix (CVE-2020-28458)
GHSA-m7j4-fhg6-xf5v

prototype pollution
https://cdn.datatables.net/1.10.22/

prototype pollution
https://cdn.datatables.net/1.10.23/
DataTables/DataTablesSrc@a51cbe9

possible XSS
https://cdn.datatables.net/1.11.3/
DataTables/Dist-DataTables@59a8d3f

Cross site scripting in datatables.net (CVE-2021-23445)
GHSA-h73q-5wmj-q8pj
llc0930 added a commit to llc0930/ClearURLs_Addon that referenced this issue Dec 25, 2024
@llc0930
Updated bootstrap and datatables datatables (Fixed ClearURLs#397)
d3f321c
llc0930 added a commit to llc0930/ClearURLs_Addon that referenced this issue Dec 25, 2024
@llc0930
Updated bootstrap and datatables version (Fixed ClearURLs#397)
0fffa0b
llc0930 added a commit to llc0930/ClearURLs_Addon that referenced this issue Dec 25, 2024
@llc0930
Updated bootstrap and datatables version (Fixed ClearURLs#397)
23f7e16
llc0930 added a commit to llc0930/ClearURLs_Addon that referenced this issue Dec 26, 2024
@llc0930
Updated Bootstrap and DataTables version (Fixed ClearURLs#397)
22879d6
llc0930 added a commit to llc0930/ClearURLs_Addon that referenced this issue Dec 26, 2024
@llc0930
Updated Bootstrap and DataTables version (Fixed ClearURLs#397)
cfefd89 
Updated to Bootstrap 5.3.3
Updated to Bootstrap Colorpicker 3.4.0
Updated to DataTables 2.1.8
llc0930 added a commit to llc0930/ClearURLs_Addon that referenced this issue Dec 26, 2024
@llc0930
Update dependency versions (Fixed ClearURLs#397)
3ff322e 
Updated to Bootstrap 5.3.3
Updated to Bootstrap Colorpicker 3.4.0
Updated to DataTables 2.1.8
Updated to Pickr 1.9.1
llc0930 added a commit to llc0930/ClearURLs_Addon that referenced this issue Dec 26, 2024
@llc0930
Update dependency versions (Fixed ClearURLs#397)
e5372a7 
Updated to webextension-polyfill 0.12.0
Updated to Bootstrap 5.3.3
Updated to Bootstrap Colorpicker 3.4.0
Updated to DataTables 2.1.8
Updated to Pickr 1.9.1
llc0930 added a commit to llc0930/ClearURLs_Addon that referenced this issue Dec 26, 2024
@llc0930
Update dependency versions (Fixed ClearURLs#397)
e228f43 
Updated to webextension-polyfill 0.12.0
Updated to Bootstrap 5.3.3
Updated to Bootstrap Colorpicker 3.4.0
Updated to DataTables 2.1.8
Updated to Pickr 1.9.1
llc0930 added a commit to llc0930/ClearURLs_Addon that referenced this issue Dec 27, 2024
@llc0930
Update dependency versions (Fixed ClearURLs#397)
2ff0e07 
Updated to webextension-polyfill 0.12.0
Updated to Bootstrap 5.3.3
Updated to Bootstrap Colorpicker 3.4.0
Updated to DataTables 2.1.8
Updated to Pickr 1.9.1
llc0930 added a commit to llc0930/ClearURLs_Addon that referenced this issue Dec 28, 2024
@llc0930
Update dependency versions (Fixed ClearURLs#397)
8cf2da7 
Updated to webextension-polyfill 0.12.0
Updated to Bootstrap 5.3.3
Updated to Bootstrap Colorpicker 3.4.0
Updated to DataTables 2.1.8
Updated to Pickr 1.9.1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Jeyso215