org.openidentityplatform.commons.ui/common… | Sonatype Guide
commons 2.1.5
org.openidentityplatform.commons.ui
Published
Jul 22, 2024
maven Registry
Overview
Versions: 31
Vulnerabilities: 20
Dependencies: 0
Severity: Critical (1), High (4), Medium (15), Low (0)
6.1
CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
affected
Severity
Medium
Published
Jul 29, 2022
7.5
CVE-2022-31129
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.
affected
Severity
7.5
CVE-2022-24785
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
affected
Severity
High
8.1
sonatype-2020-0598
i18next - Prototype Pollution
affected
Severity
High
Published
Jul 21, 2020
6.1
CVE-2020-11023
EXPLOITED
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
affected
Severity
Medium
6.1
sonatype-2020-0187
jQuery - Cross-Site Scripting (XSS)
affected
Severity
Medium
Published
Apr 14, 2020
9.8
sonatype-2019-0500
lodash - Prototype Pollution via _.template
affected
Severity
Critical
Published
Nov 26, 2019
6.1
sonatype-2018-0607
bootstrap - Cross-Site Scripting (XSS)
affected
Severity
Medium
Published
Sep 23, 2019
6.1
sonatype-2017-0695
bootstrap - Cross-Site Scripting (XSS) [CVE-2016-10735]
affected
Severity
Medium
Published
Jul 8, 2019
6.1
CVE-2019-8331
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
affected
Severity
Medium
Published
6.1
CVE-2018-20676
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
affected
Severity
Medium
Published
Jan 14, 2019
6.1
CVE-2018-20677
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
affected
Severity
Medium
Published
Jan 14, 2019
6.1
CVE-2018-14042
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
affected
Severity
Medium
Published
Aug 24, 2018
4.3
CVE-2018-6341
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.
affected
Severity
Medium
6.1
CVE-2018-14040
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
affected
Severity
Medium
Published
Jul 31, 2018
6.5
CVE-2018-3721
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
affected
Severity
Medium
6.5
sonatype-2014-0026
jQuery - Cross-Site Scripting (XSS)
affected
Severity
Medium
Published
Mar 28, 2017
6.5
sonatype-2015-0065
sonatype-2015-0065 - i18next - Cross Site Scripting is possible due to a bug in the interpolation resolution code
affected
Severity
Medium
Published
Mar 28, 2017
7.5
sonatype-2016-0133
jquery - Uncontrolled Resource Consumption
affected
Severity
High
Published
5.4
sonatype-2016-0129
bootstrap - Cross Site Scripting (XSS) in data-target attribute
affected
Severity
Medium
Published
Mar 28, 2017
High
Published
Jul 12, 2022
Published
Apr 4, 2022
Published
Apr 30, 2020
Feb 22, 2019
Published
Aug 6, 2018
Published
Apr 27, 2018
Mar 28, 2017