[Snyk] Security upgrade UmbracoCms.Core from 7.15.0 to 8.18.13 #125

Open
wants to merge 1 commit into base: merchello-dev

fix: src/Merchello.FastTrack.Ui/packages.config to reduce vulnerabili…

14a7134

Mend Bolt for GitHub / WhiteSource Security Check failed May 22, 2024 in 13m 48s

Security Report

You have successfully remediated 4 vulnerabilities, but introduced 206 new vulnerabilities in this branch.

❌ New vulnerabilities:

Partial results (81 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.


CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2021-32840

Path to vulnerable library: /src/Merchello.Providers/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/src/Merchello.FastTrack.Ui/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/test/Merchello.Tests.UnitTests/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/src/Merchello.Examine/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/src/Merchello.Web.Store/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/test/Merchello.Tests.IntegrationTests/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/src/Merchello.Web/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/test/Merchello.Tests.Base/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/src/Merchello.Core/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/test/Merchello.Tests.PaymentProviders/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/test/Merchello.Tests.PaymentProviders/Braintree/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg,/src/Merchello.FastTrack/packages/SharpZipLib.0.86.0/SharpZipLib.0.86.0.nupkg

Dependency Hierarchy:

-> ❌ sharpziplib.0.86.0.nupkg (Vulnerable Library)

Critical 9.8 sharpziplib.0.86.0.nupkg Upgrade to version: SharpZipLib - 1.3.3 None
CVE-2021-32840

Path to dependency file: /src/Merchello.Examine/Merchello.Examine.csproj

Path to vulnerable library: /src/Merchello.Examine/Merchello.Examine.csproj,/src/Merchello.Web/Merchello.Web.csproj,/test/Merchello.Tests.PaymentProviders/Merchello.Tests.PaymentProviders.csproj,/src/Merchello.FastTrack.Ui/Merchello.FastTrack.Ui.csproj,/test/Merchello.Tests.UnitTests/Merchello.Tests.UnitTests.csproj,/src/Merchello.FastTrack/Merchello.FastTrack.csproj,/src/Merchello.Web.Store/Merchello.Web.Store.csproj,/test/Merchello.Tests.Base/Merchello.Tests.Base.csproj,/src/Merchello.Core/Merchello.Core.csproj,/test/Merchello.Tests.IntegrationTests/Merchello.Tests.IntegrationTests.csproj,/src/Merchello.Providers/Merchello.Providers.csproj

Dependency Hierarchy:

-> ❌ sharpziplib.0.86.0.nupkg (Vulnerable Library)

Critical 9.8 sharpziplib.0.86.0.nupkg Upgrade to version: SharpZipLib - 1.3.3 None
CVE-2020-7746

Path to vulnerable library: /lib/charts/Chart.js

Dependency Hierarchy:

-> ❌ Chart-1.0.2.js (Vulnerable Library)

Critical 9.8 Chart-1.0.2.js Upgrade to version: chart.js - 2.9.4 None
CVE-2018-1285

Path to vulnerable library: /test/Merchello.Tests.UnitTests/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/src/Merchello.Core/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/test/Merchello.Tests.IntegrationTests/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/src/Merchello.Web.Store/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/src/Merchello.FastTrack/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/test/Merchello.Tests.Base/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/test/Merchello.Tests.PaymentProviders/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/src/Merchello.Web/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/src/Merchello.Providers/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/src/Merchello.FastTrack.Ui/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll,/src/Merchello.Examine/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll

Dependency Hierarchy:

-> ❌ log4net-2.0.8.0.dll (Vulnerable Library)

Critical 9.8 log4net-2.0.8.0.dll Upgrade to version: log4net - 2.0.10 None
CVE-2018-1285

Path to vulnerable library: /src/Merchello.Web/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/src/Merchello.Providers/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/test/Merchello.Tests.UnitTests/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/test/Merchello.Tests.IntegrationTests/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/src/Merchello.Examine/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/src/Merchello.Core/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/test/Merchello.Tests.PaymentProviders/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/src/Merchello.FastTrack.Ui/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/test/Merchello.Tests.Base/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/src/Merchello.FastTrack/packages/log4net.2.0.8/lib/net35-client/log4net.dll,/src/Merchello.Web.Store/packages/log4net.2.0.8/lib/net35-client/log4net.dll

Dependency Hierarchy:

-> ❌ log4net-2.0.8.0.dll (Vulnerable Library)

Critical 9.8 log4net-2.0.8.0.dll Upgrade to version: log4net - 2.0.10 None
CVE-2018-1285

Path to vulnerable library: /src/Merchello.Web/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/src/Merchello.Web.Store/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/src/Merchello.Examine/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/test/Merchello.Tests.IntegrationTests/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/src/Merchello.Providers/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/src/Merchello.FastTrack.Ui/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/test/Merchello.Tests.Base/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/src/Merchello.Core/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/test/Merchello.Tests.UnitTests/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/test/Merchello.Tests.PaymentProviders/packages/log4net.2.0.8/lib/net40-client/log4net.dll,/src/Merchello.FastTrack/packages/log4net.2.0.8/lib/net40-client/log4net.dll

Dependency Hierarchy:

-> ❌ log4net-2.0.8.0.dll (Vulnerable Library)

Critical 9.8 log4net-2.0.8.0.dll Upgrade to version: log4net - 2.0.10 None
CVE-2018-1285

Path to dependency file: /test/Merchello.Tests.UnitTests/Merchello.Tests.UnitTests.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/test/Merchello.Tests.Base/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/test/Merchello.Tests.PaymentProviders/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/src/Merchello.Web/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/test/Merchello.Tests.IntegrationTests/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/src/Merchello.FastTrack/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/src/Merchello.Providers/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/test/Merchello.Tests.UnitTests/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/src/Merchello.Web.Store/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/src/Merchello.Examine/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/src/Merchello.Core/packages/log4net.2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/home/wss-scanner/.nuget/packages/log4net/2.0.8/log4net.2.0.8.nupkg,/src/Merchello.FastTrack.Ui/packages/log4net.2.0.8/log4net.2.0.8.nupkg

Dependency Hierarchy:

-> ❌ log4net.2.0.8.nupkg (Vulnerable Library)

Critical 9.8 log4net.2.0.8.nupkg Upgrade to version: log4net - 2.0.10 None
CVE-2018-1285

Dependency Hierarchy:

-> ❌ umbracocms.core.7.15.0.nupkg (Vulnerable Library)

Critical 9.8 umbracocms.core.7.15.0.nupkg Upgrade to version: log4net - 2.0.10 None
CVE-2018-1285

Path to vulnerable library: /src/Merchello.Web.Store/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/test/Merchello.Tests.Base/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/test/Merchello.Tests.IntegrationTests/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/src/Merchello.Web/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/test/Merchello.Tests.PaymentProviders/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/src/Merchello.FastTrack/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/src/Merchello.Providers/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/src/Merchello.Examine/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/src/Merchello.FastTrack.Ui/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/src/Merchello.Core/packages/log4net.2.0.8/lib/net40-full/log4net.dll,/test/Merchello.Tests.UnitTests/packages/log4net.2.0.8/lib/net40-full/log4net.dll

Dependency Hierarchy:

-> ❌ log4net-2.0.8.0.dll (Vulnerable Library)

Critical 9.8 log4net-2.0.8.0.dll Upgrade to version: log4net - 2.0.10 None
CVE-2018-1285

Path to vulnerable library: /test/Merchello.Tests.Base/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/test/Merchello.Tests.PaymentProviders/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/test/Merchello.Tests.UnitTests/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/src/Merchello.Core/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/src/Merchello.Examine/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/src/Merchello.Web/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/src/Merchello.Web.Store/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/test/Merchello.Tests.UnitTests/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/test/Merchello.Tests.IntegrationTests/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/src/Merchello.Examine/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/src/Merchello.FastTrack/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/src/Merchello.Web/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/src/Merchello.Providers/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/src/Merchello.Providers/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/src/Merchello.FastTrack/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/src/Merchello.Core/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/src/Merchello.FastTrack.Ui/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/src/Merchello.FastTrack.Ui/bin/log4net.dll,/test/Merchello.Tests.IntegrationTests/packages/log4net.2.0.8/lib/net45-full/log4net.dll,/test/Merchello.Tests.PaymentProviders/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/src/Merchello.Web.Store/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll,/test/Merchello.Tests.Base/packages/UmbracoCms.Core.7.15.0/lib/net452/log4net.dll

Dependency Hierarchy:

-> ❌ log4net-2.0.8.0.dll (Vulnerable Library)

Critical 9.8 log4net-2.0.8.0.dll Upgrade to version: log4net - 2.0.10 None
CVE-2018-1285

Path to vulnerable library: /src/Merchello.Providers/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/src/Merchello.FastTrack/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/src/Merchello.Examine/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/test/Merchello.Tests.PaymentProviders/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/test/Merchello.Tests.Base/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/test/Merchello.Tests.IntegrationTests/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/src/Merchello.Core/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/src/Merchello.Web.Store/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/src/Merchello.Web/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/src/Merchello.FastTrack.Ui/packages/log4net.2.0.8/lib/net35-full/log4net.dll,/test/Merchello.Tests.UnitTests/packages/log4net.2.0.8/lib/net35-full/log4net.dll

Dependency Hierarchy:

-> ❌ log4net-2.0.8.0.dll (Vulnerable Library)

Critical 9.8 log4net-2.0.8.0.dll Upgrade to version: log4net - 2.0.10 None
CVE-2020-9471

Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/UmbracoCms.Core.7.2.4/UmbracoCms.Core.7.2.4.nupkg

Dependency Hierarchy:

-> ❌ umbracocms.core.7.2.4.nupkg (Vulnerable Library)

High 8.8 umbracocms.core.7.2.4.nupkg Upgrade to version: UmbracoCms.Core - 7.2.5-RC,7.6.0-RC,7.3.0-RC,8.5.4,7.2.0-RC,6.0.0-RC,6.2.0-RC,7.1.0-RC,6.2.0.1-RC,7.0.0-RC None
CVE-2020-9471

Dependency Hierarchy:

-> ❌ umbracocms.core.7.15.0.nupkg (Vulnerable Library)

High 8.8 umbracocms.core.7.15.0.nupkg Upgrade to version: UmbracoCms.Core - 7.2.5-RC,7.6.0-RC,7.3.0-RC,8.5.4,7.2.0-RC,6.0.0-RC,6.2.0-RC,7.1.0-RC,6.2.0.1-RC,7.0.0-RC None
CVE-2015-8814

Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/UmbracoCms.Core.7.2.4/UmbracoCms.Core.7.2.4.nupkg

Dependency Hierarchy:

-> ❌ umbracocms.core.7.2.4.nupkg (Vulnerable Library)

High 8.8 umbracocms.core.7.2.4.nupkg Upgrade to version: 7.6-alpha071 None
CVE-2015-8813

Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/UmbracoCms.Core.7.2.4/UmbracoCms.Core.7.2.4.nupkg

Dependency Hierarchy:

-> ❌ umbracocms.core.7.2.4.nupkg (Vulnerable Library)

High 8.2 umbracocms.core.7.2.4.nupkg Upgrade to version: 7.4.0 None
CVE-2023-33170

Dependency Hierarchy:

-> ❌ microsoft.aspnet.identity.owin.2.2.2.nupkg (Vulnerable Library)

High 8.1 microsoft.aspnet.identity.owin.2.2.2.nupkg Upgrade to version: Microsoft.AspNet.Identity.Owin - 2.2.4;Microsoft.AspNetCore.App.Runtime - 6.0.20,7.0.9;Microsoft.AspNetCore.Identity - 2.1.39 None
CVE-2023-33170

Path to vulnerable library: /src/Merchello.FastTrack.Ui/bin/Microsoft.AspNet.Identity.Owin.dll,/src/Merchello.Providers/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/test/Merchello.Tests.IntegrationTests/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/src/Merchello.Web/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/src/Merchello.Web.Store/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/src/Merchello.FastTrack/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/src/Merchello.Core/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/test/Merchello.Tests.PaymentProviders/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/test/Merchello.Tests.Base/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/test/Merchello.Tests.UnitTests/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/src/Merchello.FastTrack.Ui/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll,/src/Merchello.Examine/packages/Microsoft.AspNet.Identity.Owin.2.2.2/lib/net45/Microsoft.AspNet.Identity.Owin.dll

Dependency Hierarchy:

-> ❌ Microsoft.AspNet.Identity.Owin-2.2.2.70424.0.dll (Vulnerable Library)

High 8.1 Microsoft.AspNet.Identity.Owin-2.2.2.70424.0.dll Upgrade to version: Microsoft.AspNet.Identity.Owin - 2.2.4;Microsoft.AspNetCore.App.Runtime - 6.0.20,7.0.9;Microsoft.AspNetCore.Identity - 2.1.39 None
WS-2020-0008

Dependency Hierarchy:

-> ❌ umbracocms.7.15.0.nupkg (Vulnerable Library)

High 7.6 umbracocms.7.15.0.nupkg Upgrade to version: 4.9.7,5.1.4 None
WS-2020-0008

Path to vulnerable library: /src/Merchello.FastTrack.Ui/App_Data/NuGetBackup/20160823-095311/Umbraco/lib/tinymce/tinymce.min.js

Dependency Hierarchy:

-> ❌ tinymce-4.1.10.min.js (Vulnerable Library)

High 7.6 tinymce-4.1.10.min.js Upgrade to version: 4.9.7,5.1.4 None
WS-2020-0008

Path to vulnerable library: /src/Merchello.FastTrack.Ui/Umbraco/lib/tinymce/tinymce.min.js,/src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/tinymce/tinymce.min.js

Dependency Hierarchy:

-> ❌ tinymce-4.9.5.min.js (Vulnerable Library)

High 7.6 tinymce-4.9.5.min.js Upgrade to version: 4.9.7,5.1.4 None
WS-2021-0001

Dependency Hierarchy:

-> ❌ umbracocms.7.15.0.nupkg (Vulnerable Library)

High 7.5 umbracocms.7.15.0.nupkg Upgrade to version: tinymce - 5.6.0 None
WS-2021-0001

Path to vulnerable library: /src/Merchello.FastTrack.Ui/App_Data/NuGetBackup/20160823-095311/Umbraco/lib/tinymce/tinymce.min.js

Dependency Hierarchy:

-> ❌ tinymce-4.1.10.min.js (Vulnerable Library)

High 7.5 tinymce-4.1.10.min.js Upgrade to version: tinymce - 5.6.0 None
WS-2021-0001

Path to vulnerable library: /src/Merchello.FastTrack.Ui/Umbraco/lib/tinymce/tinymce.min.js,/src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/tinymce/tinymce.min.js

Dependency Hierarchy:

-> ❌ tinymce-4.9.5.min.js (Vulnerable Library)

High 7.5 tinymce-4.9.5.min.js Upgrade to version: tinymce - 5.6.0 None
CVE-2024-21907

Path to vulnerable library: /src/Merchello.Examine/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/test/Merchello.Tests.Base/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/src/Merchello.Core/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/src/Merchello.FastTrack.Ui/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/test/Merchello.Tests.PaymentProviders/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/src/Merchello.Web/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/test/Merchello.Tests.UnitTests/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/src/Merchello.Providers/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/src/Merchello.FastTrack/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/test/Merchello.Tests.IntegrationTests/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll,/src/Merchello.Web.Store/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.3/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-12.0.2.23222.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-12.0.2.23222.dll Upgrade to version: Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Path to vulnerable library: /src/Merchello.FastTrack/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/src/Merchello.Web/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/src/Merchello.Providers/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/test/Merchello.Tests.UnitTests/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/src/Merchello.FastTrack.Ui/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/src/Merchello.Web.Store/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/src/Merchello.Core/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/src/Merchello.Examine/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/test/Merchello.Tests.PaymentProviders/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/test/Merchello.Tests.Base/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/test/Merchello.Tests.IntegrationTests/packages/Newtonsoft.Json.12.0.2/lib/netstandard2.0/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-12.0.2.23222.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-12.0.2.23222.dll Upgrade to version: Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Path to vulnerable library: /src/Merchello.Web.Store/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.FastTrack.Ui/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/test/Merchello.Tests.IntegrationTests/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.Core/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/test/Merchello.Tests.Base/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.Web/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/test/Merchello.Tests.PaymentProviders/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.Providers/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/test/Merchello.Tests.UnitTests/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.Examine/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.FastTrack/packages/Newtonsoft.Json.12.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-12.0.2.23222.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-12.0.2.23222.dll Upgrade to version: Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/Newtonsoft.Json.6.0.5/lib/portable-net40+sl5+wp80+win8+wpa81/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-6.0.5.17707.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-6.0.5.17707.dll Upgrade to version: Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Path to vulnerable library: /src/Merchello.Providers/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/src/Merchello.FastTrack.Ui/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/test/Merchello.Tests.UnitTests/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/src/Merchello.Web.Store/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/test/Merchello.Tests.PaymentProviders/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/src/Merchello.Core/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/src/Merchello.FastTrack/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/test/Merchello.Tests.IntegrationTests/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/src/Merchello.FastTrack.Ui/bin/Newtonsoft.Json.dll,/src/Merchello.Web/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/test/Merchello.Tests.Base/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll,/src/Merchello.Examine/packages/Newtonsoft.Json.12.0.2/lib/net45/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-12.0.2.23222.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-12.0.2.23222.dll Upgrade to version: Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/Newtonsoft.Json.6.0.5/Newtonsoft.Json.6.0.5.nupkg

Dependency Hierarchy:

-> ❌ newtonsoft.json.6.0.5.nupkg (Vulnerable Library)

High 7.5 newtonsoft.json.6.0.5.nupkg Upgrade to version: Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Path to vulnerable library: /test/Merchello.Tests.IntegrationTests/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/src/Merchello.Web.Store/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/test/Merchello.Tests.UnitTests/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/src/Merchello.Core/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/test/Merchello.Tests.PaymentProviders/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/src/Merchello.FastTrack/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/src/Merchello.Examine/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/src/Merchello.Providers/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/src/Merchello.Web/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/src/Merchello.FastTrack.Ui/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll,/test/Merchello.Tests.Base/packages/Newtonsoft.Json.12.0.2/lib/net40/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-12.0.2.23222.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-12.0.2.23222.dll Upgrade to version: Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/Newtonsoft.Json.6.0.5/lib/net20/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-6.0.5.17707.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-6.0.5.17707.dll Upgrade to version: Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/Newtonsoft.Json.6.0.5/lib/portable-net45+wp80+win8+wpa81/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-6.0.5.17707.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-6.0.5.17707.dll Upgrade to version: Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Path to vulnerable library: /src/Merchello.Web.Store/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/src/Merchello.Core/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/test/Merchello.Tests.IntegrationTests/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/src/Merchello.FastTrack.Ui/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/src/Merchello.Providers/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/src/Merchello.Web/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/src/Merchello.Examine/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/test/Merchello.Tests.Base/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/test/Merchello.Tests.PaymentProviders/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/src/Merchello.FastTrack/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll,/test/Merchello.Tests.UnitTests/packages/Newtonsoft.Json.12.0.2/lib/net35/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-12.0.2.23222.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-12.0.2.23222.dll Upgrade to version: Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Path to vulnerable library: /src/Merchello.Examine/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/test/Merchello.Tests.IntegrationTests/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.Core/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.FastTrack/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.Providers/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/test/Merchello.Tests.UnitTests/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.FastTrack.Ui/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.Web/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/test/Merchello.Tests.PaymentProviders/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/test/Merchello.Tests.Base/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/src/Merchello.Web.Store/packages/Newtonsoft.Json.12.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-12.0.2.23222.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-12.0.2.23222.dll Upgrade to version: Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/Newtonsoft.Json.6.0.5/lib/net40/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-6.0.5.17707.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-6.0.5.17707.dll Upgrade to version: Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Dependency Hierarchy:

-> ❌ newtonsoft.json.12.0.2.nupkg (Vulnerable Library)

High 7.5 newtonsoft.json.12.0.2.nupkg Upgrade to version: Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Path to vulnerable library: /test/Merchello.Tests.IntegrationTests/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/src/Merchello.FastTrack/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/src/Merchello.Web.Store/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/test/Merchello.Tests.UnitTests/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/test/Merchello.Tests.PaymentProviders/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/src/Merchello.Web/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/src/Merchello.Providers/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/src/Merchello.FastTrack.Ui/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/test/Merchello.Tests.Base/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/src/Merchello.Examine/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/src/Merchello.Core/packages/Newtonsoft.Json.12.0.2/lib/netstandard1.0/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-12.0.2.23222.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-12.0.2.23222.dll Upgrade to version: Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/Newtonsoft.Json.6.0.5/lib/netcore45/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-6.0.5.17707.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-6.0.5.17707.dll Upgrade to version: Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/Newtonsoft.Json.6.0.5/lib/net45/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-6.0.5.17707.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-6.0.5.17707.dll Upgrade to version: Newtonsoft.Json - 13.0.1 None
CVE-2024-21907

Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/Newtonsoft.Json.6.0.5/lib/net35/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-6.0.5.17707.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-6.0.5.17707.dll Upgrade to version: Newtonsoft.Json - 13.0.1 None
CVE-2022-31147

Path to vulnerable library: /src/Merchello.FastTrack.Ui/Scripts/jquery.validate-vsdoc.js

Dependency Hierarchy:

-> ❌ jquery.validate-1.8.0.js (Vulnerable Library)

High 7.5 jquery.validate-1.8.0.js Upgrade to version: jquery-validation - 1.19.5 None
CVE-2022-31129

Dependency Hierarchy:

-> ❌ umbracocms.7.15.0.nupkg (Vulnerable Library)

High 7.5 umbracocms.7.15.0.nupkg Upgrade to version: moment - 2.29.4 None
CVE-2022-31129

Path to vulnerable library: /src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/moment/moment.min.js,/src/Merchello.FastTrack.Ui/Umbraco/lib/moment/moment.min.js

Dependency Hierarchy:

-> ❌ moment-2.10.6.min.js (Vulnerable Library)

High 7.5 moment-2.10.6.min.js Upgrade to version: moment - 2.29.4 None
CVE-2022-29117

Dependency Hierarchy:

-> ❌ microsoft.owin.security.cookies.4.0.1.nupkg (Vulnerable Library)

High 7.5 microsoft.owin.security.cookies.4.0.1.nupkg Upgrade to version: Microsoft.AspNetCore.App.Runtime - 3.1.25,5.0.17,6.0.5;Microsoft.Owin - 4.2.2;Microsoft.Owin.Security.Cookies - 4.2.2 None
CVE-2022-29117

Dependency Hierarchy:

-> ❌ microsoft.owin.4.0.1.nupkg (Vulnerable Library)

High 7.5 microsoft.owin.4.0.1.nupkg Upgrade to version: Microsoft.AspNetCore.App.Runtime - 3.1.25,5.0.17,6.0.5;Microsoft.Owin - 4.2.2;Microsoft.Owin.Security.Cookies - 4.2.2 None
CVE-2022-24785

Dependency Hierarchy:

-> ❌ umbracocms.7.15.0.nupkg (Vulnerable Library)

High 7.5 umbracocms.7.15.0.nupkg Upgrade to version: moment - 2.29.2 None
CVE-2022-24785

Path to vulnerable library: /src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/moment/moment.min.js,/src/Merchello.FastTrack.Ui/Umbraco/lib/moment/moment.min.js

Dependency Hierarchy:

-> ❌ moment-2.10.6.min.js (Vulnerable Library)

High 7.5 moment-2.10.6.min.js Upgrade to version: moment - 2.29.2 None
CVE-2022-22690

Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/UmbracoCms.Core.7.2.4/UmbracoCms.Core.7.2.4.nupkg

Dependency Hierarchy:

-> ❌ umbracocms.core.7.2.4.nupkg (Vulnerable Library)

High 7.5 umbracocms.core.7.2.4.nupkg Upgrade to version: Umbraco.Cms.Core - 9.2.0 None
CVE-2022-22690

Dependency Hierarchy:

-> ❌ umbracocms.core.7.15.0.nupkg (Vulnerable Library)

High 7.5 umbracocms.core.7.15.0.nupkg Upgrade to version: Umbraco.Cms.Core - 9.2.0 None
CVE-2021-21252

Path to vulnerable library: /src/Merchello.FastTrack.Ui/Scripts/jquery.validate-vsdoc.js

Dependency Hierarchy:

-> ❌ jquery.validate-1.8.0.js (Vulnerable Library)

High 7.5 jquery.validate-1.8.0.js Upgrade to version: jquery-validation - 1.19.3 None
CVE-2020-7760

Dependency Hierarchy:

-> ❌ umbracocms.7.15.0.nupkg (Vulnerable Library)

High 7.5 umbracocms.7.15.0.nupkg Upgrade to version: codemirror - 5.58.2 None
CVE-2017-18214

Dependency Hierarchy:

-> ❌ umbracocms.7.15.0.nupkg (Vulnerable Library)

High 7.5 umbracocms.7.15.0.nupkg Upgrade to version: moment - 2.19.3 None
CVE-2017-18214

Path to vulnerable library: /src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/moment/moment.min.js,/src/Merchello.FastTrack.Ui/Umbraco/lib/moment/moment.min.js

Dependency Hierarchy:

-> ❌ moment-2.10.6.min.js (Vulnerable Library)

High 7.5 moment-2.10.6.min.js Upgrade to version: moment - 2.19.3 None
CVE-2022-22691

Path to vulnerable library: /test/Merchello.Tests.PaymentProviders/Braintree/packages/UmbracoCms.Core.7.2.4/UmbracoCms.Core.7.2.4.nupkg

Dependency Hierarchy:

-> ❌ umbracocms.core.7.2.4.nupkg (Vulnerable Library)

High 7.4 umbracocms.core.7.2.4.nupkg Upgrade to version: Umbraco.Cms.Core - 9.2.0 None
CVE-2022-22691

Dependency Hierarchy:

-> ❌ umbracocms.core.7.15.0.nupkg (Vulnerable Library)

High 7.4 umbracocms.core.7.15.0.nupkg Upgrade to version: Umbraco.Cms.Core - 9.2.0 None
CVE-2021-23358

Dependency Hierarchy:

-> ❌ umbracocms.7.15.0.nupkg (Vulnerable Library)

High 7.2 umbracocms.7.15.0.nupkg Upgrade to version: underscore - 1.12.1,1.13.0-2 None
CVE-2020-9472

Dependency Hierarchy:

-> ❌ umbracocms.7.15.0.nupkg (Vulnerable Library)

Medium 6.5 umbracocms.7.15.0.nupkg Upgrade to version: UmbracoCms - 8.5.4 None
CVE-2020-5811

Dependency Hierarchy:

-> ❌ umbracocms.7.15.0.nupkg (Vulnerable Library)

Medium 6.5 umbracocms.7.15.0.nupkg Upgrade to version: UmbracoCms - 8.6.7,8.9.2,7.15.7,8.8.3,8.7.2,8.10.0 None
CVE-2016-4055

Dependency Hierarchy:

-> ❌ umbracocms.7.15.0.nupkg (Vulnerable Library)

Medium 6.5 umbracocms.7.15.0.nupkg Upgrade to version: moment - 2.11.2 None
CVE-2016-4055

Path to vulnerable library: /src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/moment/moment.min.js,/src/Merchello.FastTrack.Ui/Umbraco/lib/moment/moment.min.js

Dependency Hierarchy:

-> ❌ moment-2.10.6.min.js (Vulnerable Library)

Medium 6.5 moment-2.10.6.min.js Upgrade to version: moment - 2.11.2 None
WS-2021-0133

Dependency Hierarchy:

-> ❌ umbracocms.7.15.0.nupkg (Vulnerable Library)

Medium 6.1 umbracocms.7.15.0.nupkg Upgrade to version: tinymce - 5.7.1 None
WS-2021-0133

Path to vulnerable library: /src/Merchello.FastTrack.Ui/App_Data/NuGetBackup/20160823-095311/Umbraco/lib/tinymce/tinymce.min.js

Dependency Hierarchy:

-> ❌ tinymce-4.1.10.min.js (Vulnerable Library)

Medium 6.1 tinymce-4.1.10.min.js Upgrade to version: tinymce - 5.7.1 None
WS-2021-0133

Path to vulnerable library: /src/Merchello.FastTrack.Ui/Umbraco/lib/tinymce/tinymce.min.js,/src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/tinymce/tinymce.min.js

Dependency Hierarchy:

-> ❌ tinymce-4.9.5.min.js (Vulnerable Library)

Medium 6.1 tinymce-4.9.5.min.js Upgrade to version: tinymce - 5.7.1 None
WS-2020-0142

Dependency Hierarchy:

-> ❌ umbracocms.7.15.0.nupkg (Vulnerable Library)

Medium 6.1 umbracocms.7.15.0.nupkg Upgrade to version: tinymce - 5.4.1, 4.9.11 None
WS-2020-0142

Path to vulnerable library: /src/Merchello.FastTrack.Ui/App_Data/NuGetBackup/20160823-095311/Umbraco/lib/tinymce/tinymce.min.js

Dependency Hierarchy:

-> ❌ tinymce-4.1.10.min.js (Vulnerable Library)

Medium 6.1 tinymce-4.1.10.min.js Upgrade to version: tinymce - 5.4.1, 4.9.11 None
WS-2020-0142

Path to vulnerable library: /src/Merchello.FastTrack.Ui/Umbraco/lib/tinymce/tinymce.min.js,/src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/tinymce/tinymce.min.js

Dependency Hierarchy:

-> ❌ tinymce-4.9.5.min.js (Vulnerable Library)

Medium 6.1 tinymce-4.9.5.min.js Upgrade to version: tinymce - 5.4.1, 4.9.11 None
WS-2018-0022

Dependency Hierarchy:

-> ❌ umbracocms.7.15.0.nupkg (Vulnerable Library)

Medium 6.1 umbracocms.7.15.0.nupkg Upgrade to version: 1.6.9 None
CVE-2024-34071

Path to dependency file: /build/NuSpec/Merchello.TestsBase.nuspec

Path to vulnerable library: /src/Merchello.FastTrack.Ui/packages/UmbracoCms.Core.8.18.13/UmbracoCms.Core.8.18.13.nupkg,/home/wss-scanner/.nuget/packages/umbracocms.core/8.18.13/umbracocms.core.8.18.13.nupkg,/home/wss-scanner/.nuget/packages/umbracocms.core/8.18.13/umbracocms.core.8.18.13.nupkg,/src/Merchello.FastTrack.Ui/Merchello.FastTrack.Ui.csproj

Dependency Hierarchy:

-> ❌ umbracocms.core.8.18.13.nupkg (Vulnerable Library)

Medium 6.1 umbracocms.core.8.18.13.nupkg Upgrade to version: UmbracoCms.Core - 8.18.14, Umbraco.Cms.Core - 10.8.6,12.3.10,13.3.1, Umbraco.Cms.Web.BackOffice - 10.8.6,12.3.10,13.3.1 None
CVE-2024-21911

Dependency Hierarchy:

-> ❌ umbracocms.7.15.0.nupkg (Vulnerable Library)

Medium 6.1 umbracocms.7.15.0.nupkg Upgrade to version: tinymce - 5.6.0 None
CVE-2024-21911

Path to vulnerable library: /src/Merchello.FastTrack.Ui/App_Data/NuGetBackup/20160823-095311/Umbraco/lib/tinymce/tinymce.min.js

Dependency Hierarchy:

-> ❌ tinymce-4.1.10.min.js (Vulnerable Library)

Medium 6.1 tinymce-4.1.10.min.js Upgrade to version: tinymce - 5.6.0 None
CVE-2024-21911

Path to vulnerable library: /src/Merchello.FastTrack.Ui/Umbraco/lib/tinymce/tinymce.min.js,/src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/tinymce/tinymce.min.js

Dependency Hierarchy:

-> ❌ tinymce-4.9.5.min.js (Vulnerable Library)

Medium 6.1 tinymce-4.9.5.min.js Upgrade to version: tinymce - 5.6.0 None
CVE-2024-21910

Dependency Hierarchy:

-> ❌ umbracocms.7.15.0.nupkg (Vulnerable Library)

Medium 6.1 umbracocms.7.15.0.nupkg Upgrade to version: TinyMCE - 5.10.0, tinymce/tinymce - 5.10.0, TinyMCE - 5.10.0 None
CVE-2024-21910

Path to vulnerable library: /src/Merchello.FastTrack.Ui/App_Data/NuGetBackup/20160823-095311/Umbraco/lib/tinymce/tinymce.min.js

Dependency Hierarchy:

-> ❌ tinymce-4.1.10.min.js (Vulnerable Library)

Medium 6.1 tinymce-4.1.10.min.js Upgrade to version: TinyMCE - 5.10.0, tinymce/tinymce - 5.10.0, TinyMCE - 5.10.0 None
CVE-2024-21910

Path to vulnerable library: /src/Merchello.FastTrack.Ui/Umbraco/lib/tinymce/tinymce.min.js,/src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/tinymce/tinymce.min.js

Dependency Hierarchy:

-> ❌ tinymce-4.9.5.min.js (Vulnerable Library)

Medium 6.1 tinymce-4.9.5.min.js Upgrade to version: TinyMCE - 5.10.0, tinymce/tinymce - 5.10.0, TinyMCE - 5.10.0 None
CVE-2024-21908

Dependency Hierarchy:

-> ❌ umbracocms.7.15.0.nupkg (Vulnerable Library)

Medium 6.1 umbracocms.7.15.0.nupkg Upgrade to version: tinymce - 5.9.0 None
CVE-2024-21908

Path to vulnerable library: /src/Merchello.FastTrack.Ui/App_Data/NuGetBackup/20160823-095311/Umbraco/lib/tinymce/tinymce.min.js

Dependency Hierarchy:

-> ❌ tinymce-4.1.10.min.js (Vulnerable Library)

Medium 6.1 tinymce-4.1.10.min.js Upgrade to version: tinymce - 5.9.0 None
CVE-2024-21908

Path to vulnerable library: /src/Merchello.FastTrack.Ui/Umbraco/lib/tinymce/tinymce.min.js,/src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/tinymce/tinymce.min.js

Dependency Hierarchy:

-> ❌ tinymce-4.9.5.min.js (Vulnerable Library)

Medium 6.1 tinymce-4.9.5.min.js Upgrade to version: tinymce - 5.9.0 None
CVE-2023-48219

Dependency Hierarchy:

-> ❌ umbracocms.7.15.0.nupkg (Vulnerable Library)

Medium 6.1 umbracocms.7.15.0.nupkg Upgrade to version: TinyMCE - 5.10.9,6.7.3 None
CVE-2023-48219

Path to vulnerable library: /src/Merchello.FastTrack.Ui/App_Data/NuGetBackup/20160823-095311/Umbraco/lib/tinymce/tinymce.min.js

Dependency Hierarchy:

-> ❌ tinymce-4.1.10.min.js (Vulnerable Library)

Medium 6.1 tinymce-4.1.10.min.js Upgrade to version: TinyMCE - 5.10.9,6.7.3 None
CVE-2023-48219

Path to vulnerable library: /src/Merchello.FastTrack.Ui/Umbraco/lib/tinymce/tinymce.min.js,/src/Merchello.FastTrack.Ui/packages/UmbracoCms.7.15.0/UmbracoFiles/umbraco/lib/tinymce/tinymce.min.js

Dependency Hierarchy:

-> ❌ tinymce-4.9.5.min.js (Vulnerable Library)

Medium 6.1 tinymce-4.9.5.min.js Upgrade to version: TinyMCE - 5.10.9,6.7.3 None
CVE-2023-45819

Dependency Hierarchy:

-> ❌ umbracocms.7.15.0.nupkg (Vulnerable Library)

Medium 6.1 umbracocms.7.15.0.nupkg Upgrade to version: tinymce - 5.10.8,6.7.1;TinyMCE - 5.10.8,6.7.1 None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2023-49279 umbracocms.core.7.5.0.nupkg
CVE-2020-9471 umbracocms.core.7.5.0.nupkg
CVE-2022-22690 umbracocms.core.7.5.0.nupkg
CVE-2022-22691 umbracocms.core.7.5.0.nupkg

Base branch total remaining vulnerabilities: 311
Base branch commit: null


Total libraries scanned: 1552

Scan token: a081c0c2ecc948338a0aa37a28ec6600