graphql-hive-router-0.0.1: 47 vulnerabilities (highest severity is: 9.8)

Open mend-bolt-for-github[bot] opened this issue 3 years ago • 2 comments

Vulnerable Library - graphql-hive-router-0.0.1

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (graphql-hive-router version) Remediation Possible**
CVE-2024-6772 Critical 9.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-7024 Critical 9.3 v8-0.74.3.crate Transitive N/A*
CVE-2024-9603 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-9602 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-9122 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-9121 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-8904 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-8638 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-8194 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-7971 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-7970 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-7969 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-7965 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-7550 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-7535 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-7022 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-6779 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-6773 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-6101 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-6100 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-5841 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-5838 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-5837 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-5830 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-5274 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-5158 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-4947 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-4761 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-3833 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-3169 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-3159 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-3156 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-2887 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-1939 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-0519 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2023-4762 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2023-2935 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2023-2724 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2021-30561 High 8.8 v8-0.74.3.crate Transitive N/A*
CVE-2024-45311 High 7.5 quinn-proto-0.11.6.crate Transitive N/A*
CVE-2024-27308 High 7.5 mio-0.8.9.crate Transitive N/A*
WS-2023-0366 Medium 6.5 rustix-0.37.20.crate Transitive N/A*
CVE-2024-43806 Medium 6.5 rustix-0.37.20.crate Transitive N/A*
CVE-2024-3832 Medium 5.5 v8-0.74.3.crate Transitive N/A*
CVE-2024-1938 Medium 5.5 v8-0.74.3.crate Transitive N/A*
CVE-2024-34064 Medium 5.4 v8-0.74.3.crate Transitive N/A*
CVE-2024-22195 Medium 5.4 v8-0.74.3.crate Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, a Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation.

Details

Partial details (24 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2024-6772

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-07-16

URL: CVE-2024-6772

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High
For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html

Release Date: 2024-07-16

Fix Resolution: v8-12.8.127

Step up your Open Source Security Game with Mend here

CVE-2024-7024

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Publish Date: 2024-09-23

URL: CVE-2024-7024

CVSS 3 Score Details (9.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Release Date: 2024-09-23

Fix Resolution: v8-12.6.152

CVE-2024-9603

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-10-08

URL: CVE-2024-9603

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://issues.chromium.org/issues/367818758

Release Date: 2024-10-08

Fix Resolution: v8-13.1.132

CVE-2024-9602

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-10-08

URL: CVE-2024-9602

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://issues.chromium.org/issues/368241697

Release Date: 2024-10-08

Fix Resolution: v8-13.1.96

CVE-2024-9122

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-09-24

URL: CVE-2024-9122

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://issues.chromium.org/issues/365802567

Release Date: 2024-09-24

Fix Resolution: 13.1.20

CVE-2024-9121

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-09-24

URL: CVE-2024-9121

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://issues.chromium.org/issues/363538434

Release Date: 2024-09-24

Fix Resolution: v8-13.0.219

CVE-2024-8904

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-09-17

URL: CVE-2024-8904

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-8904

Release Date: 2024-09-17

Fix Resolution: v8-13.0.198

CVE-2024-8638

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-09-11

URL: CVE-2024-8638

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://issues.chromium.org/issues/362539773

Release Date: 2024-09-11

Fix Resolution: v8-13.0.167

CVE-2024-8194

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-08-28

URL: CVE-2024-8194

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-8194

Release Date: 2024-08-28

Fix Resolution: v8-13.0.16

CVE-2024-7971

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-08-21

URL: CVE-2024-7971

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-7971

Release Date: 2024-08-21

Fix Resolution: v8-13.0.16

CVE-2024-7970

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-09-03

URL: CVE-2024-7970

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-7970

Release Date: 2024-09-03

Fix Resolution: v8-13.0.86

CVE-2024-7969

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-08-21

URL: CVE-2024-7969

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://issues.chromium.org/issues/351865302

Release Date: 2024-08-21

Fix Resolution: v8-13.0.22

CVE-2024-7965

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-08-21

URL: CVE-2024-7965

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-7965

Release Date: 2024-08-21

Fix Resolution: v8-12.9.130

CVE-2024-7550

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-08-06

URL: CVE-2024-7550

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-7550

Release Date: 2024-08-06

Fix Resolution: v8-12.9.56

CVE-2024-7535

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-08-06

URL: CVE-2024-7535

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-7535

Release Date: 2024-08-06

Fix Resolution: v8-12.9.68

CVE-2024-7022

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Publish Date: 2024-09-23

URL: CVE-2024-7022

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://issues.chromium.org/issues/324690505

Release Date: 2024-09-23

Fix Resolution: v8-12.3.209

CVE-2024-6779

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-07-16

URL: CVE-2024-6779

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://issues.chromium.org/issues/351327767

Release Date: 2024-07-16

Fix Resolution: v8-12.8.295

CVE-2024-6773

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-07-16

URL: CVE-2024-6773

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Release Date: 2024-07-16

Fix Resolution: v8-12.8.96

CVE-2024-6101

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-06-19

URL: CVE-2024-6101

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-6101

Release Date: 2024-06-20

Fix Resolution: v8-12.7.191

CVE-2024-6100

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-06-19

URL: CVE-2024-6100

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=2293006

Release Date: 2024-06-17

Fix Resolution: v8-12.7.208

CVE-2024-5841

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Publish Date: 2024-06-11

URL: CVE-2024-5841

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Release Date: 2024-06-11

Fix Resolution: fd628a3450252d505bb017332c3cf09d26684668

CVE-2024-5838

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-06-11

URL: CVE-2024-5838

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Release Date: 2024-06-11

Fix Resolution: 5ab0723917535db1836753f0a8dca0335ca29812

CVE-2024-5837

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-06-11

URL: CVE-2024-5837

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Release Date: 2024-06-11

Fix Resolution: d2d190fb1306449c022296cdec1bb16341996d4a

CVE-2024-5830

Vulnerable Library - v8-0.74.3.crate

Rust bindings to V8

Library home page: https://static.crates.io/crates/v8/v8-0.74.3.crate

Path to dependency file: /Cargo.toml

Path to vulnerable library: /Cargo.toml

Dependency Hierarchy:

  • graphql-hive-router-0.0.1 (Root Library)
    • apollo-router-1.56.0.crate
      • router-bridge-0.6.3+v2.9.2.crate
        • deno_webidl-0.115.0.crate
          • deno_core-0.200.0.crate
            • :x: v8-0.74.3.crate (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2024-06-11

URL: CVE-2024-5830

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Release Date: 2024-06-11

Fix Resolution: cbd847cb1c2eaa126f0b96f002241c2ef5aa7c89

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.