org.webjars.npm/3dmol 1.5.1 | Vulnerabilit… | Sonatype Guide
3dmol 1.5.1 (Latest)
org.webjars.npm
Published: May 3, 2020
Registry: maven
Versions: 3
Vulnerabilities: 18
Dependencies: 1
Severity: Critical (0), High (6), Medium (0), Low (0)
Sort: Published (Newest first)

CVE-2024-7254
CVSS 7.5 | Severity: High | Published: Sep 20, 2024 | affected
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit, i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.

CVE-2023-2976
CVSS 7.1 | Severity: High | Published: May 31, 2023 | affected
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

CVE-2022-3509
CVSS 7.5 | Severity: High | Published: Nov 11, 2022 | affected
A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

sonatype-2021-1694
CVSS 7.5 | Severity: High | Published: Nov 3, 2021 | affected
gson - Deserialization of Untrusted Data [CVE-2022-25647]

sonatype-2021-0835
CVSS 7.5 | Severity: High | Published: Jul 19, 2021 | affected
urijs - Prototype Pollution

sonatype-2016-0133
CVSS 7.5 | Severity: High | Published: Mar 28, 2017 | affected
jquery - Uncontrolled Resource Consumption