hive-apollo-router-plugin-1.1.1.crate: 54 vulnerabilities (highest severity is: 9.6) - autoclosed #6447
Labels
Mend: dependency security vulnerability
Security vulnerability detected by Mend
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
mend-bolt-for-github
bot
changed the title
mend-bolt-for-github
bot
changed the title
mend-bolt-for-github
bot
changed the title
|
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-08-21
URL: CVE-2024-7971
CVSS 3 Score Details (9.6)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-7971
Release Date: 2024-08-21
Fix Resolution: v8-13.0.16
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-07-16
URL: CVE-2024-6779
CVSS 3 Score Details (9.6)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://issues.chromium.org/issues/351327767
Release Date: 2024-07-16
Fix Resolution: v8-12.8.295
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-05-15
URL: CVE-2024-4947
CVSS 3 Score Details (9.6)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
Release Date: 2024-05-15
Fix Resolution: b3c01ac1e60afc9addad9942f7a9a6c5e8a4a6da
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Publish Date: 2024-09-23
URL: CVE-2024-7024
CVSS 3 Score Details (9.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2024-09-23
Fix Resolution: v8-12.6.152
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-10-08
URL: CVE-2024-9603
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://issues.chromium.org/issues/367818758
Release Date: 2024-10-08
Fix Resolution: v8-13.1.132
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-10-08
URL: CVE-2024-9602
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://issues.chromium.org/issues/368241697
Release Date: 2024-10-08
Fix Resolution: v8-13.1.96
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-09-24
URL: CVE-2024-9122
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://issues.chromium.org/issues/365802567
Release Date: 2024-09-24
Fix Resolution: 13.1.20
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-09-24
URL: CVE-2024-9121
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://issues.chromium.org/issues/363538434
Release Date: 2024-09-24
Fix Resolution: v8-13.0.219
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-09-17
URL: CVE-2024-8904
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-8904
Release Date: 2024-09-17
Fix Resolution: v8-13.0.198
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-09-11
URL: CVE-2024-8638
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://issues.chromium.org/issues/362539773
Release Date: 2024-09-11
Fix Resolution: v8-13.0.167
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-08-28
URL: CVE-2024-8194
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-8194
Release Date: 2024-08-28
Fix Resolution: v8-13.0.16
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-09-03
URL: CVE-2024-7970
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-7970
Release Date: 2024-09-03
Fix Resolution: v8-13.0.86
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-08-21
URL: CVE-2024-7969
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://issues.chromium.org/issues/351865302
Release Date: 2024-08-21
Fix Resolution: v8-13.0.22
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-08-21
URL: CVE-2024-7965
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-7965
Release Date: 2024-08-21
Fix Resolution: v8-12.9.130
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-08-06
URL: CVE-2024-7550
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-7550
Release Date: 2024-08-06
Fix Resolution: v8-12.9.56
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-08-06
URL: CVE-2024-7535
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-7535
Release Date: 2024-08-06
Fix Resolution: v8-12.9.68
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Publish Date: 2024-09-23
URL: CVE-2024-7022
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://issues.chromium.org/issues/324690505
Release Date: 2024-09-23
Fix Resolution: v8-12.3.209
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-07-16
URL: CVE-2024-6773
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2024-07-16
Fix Resolution: v8-12.8.96
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-07-16
URL: CVE-2024-6772
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html
Release Date: 2024-07-16
Fix Resolution: v8-12.8.127
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-06-19
URL: CVE-2024-6101
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-6101
Release Date: 2024-06-20
Fix Resolution: v8-12.7.191
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-06-19
URL: CVE-2024-6100
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=2293006
Release Date: 2024-06-17
Fix Resolution: v8-12.7.208
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Publish Date: 2024-06-11
URL: CVE-2024-5841
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2024-06-11
Fix Resolution: fd628a3450252d505bb017332c3cf09d26684668
Step up your Open Source Security Game with Mend here
Vulnerable Library - v8-0.74.3.crate
Rust bindings to V8
Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate
Path to dependency file: /Cargo.toml
Path to vulnerable library: /Cargo.toml
Dependency Hierarchy:
Found in HEAD commit: 5361202e226492c0d22d39a95c106d65a19c4b21
Found in base branch: main
Vulnerability Details
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Publish Date: 2024-06-11
URL: CVE-2024-5838
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2024-06-11
Fix Resolution: 5ab0723917535db1836753f0a8dca0335ca29812
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: