diff --git a/addOns/retire/CHANGELOG.md b/addOns/retire/CHANGELOG.md
index df80e6d1089..114267b0ba0 100644
--- a/addOns/retire/CHANGELOG.md
+++ b/addOns/retire/CHANGELOG.md
@@ -4,6 +4,9 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased +### Changed +- Updated with upstream retire.js pattern changes. + ### Added - A helpful description for the add-on.
diff --git a/addOns/retire/src/main/resources/org/zaproxy/addon/retire/resources/jsrepository.json b/addOns/retire/src/main/resources/org/zaproxy/addon/retire/resources/jsrepository.json
index 4573d9e5e53..d863fe24887 100644
--- a/addOns/retire/src/main/resources/org/zaproxy/addon/retire/resources/jsrepository.json
+++ b/addOns/retire/src/main/resources/org/zaproxy/addon/retire/resources/jsrepository.json
@@ -3287,7 +3287,7 @@
 "retid": "54"
 },
 "info": [
- "https://blog.angular.io/discontinued-long-term-support-for-angularjs-cc066b82e65a?gi=9d3103b5445c"
+ "https://docs.angularjs.org/misc/version-support-status"
 ]
 },
 {
@@ -5249,6 +5249,51 @@
 "https://github.com/advisories/GHSA-9v3m-8fp8-mj99",
 "https://github.com/twbs/bootstrap/issues/28236"
 ]
+ },
+ {
+ "atOrAbove": "2.0.0",
+ "below": "999",
+ "cwe": [
+ "CWE-79"
+ ],
+ "severity": "medium",
+ "identifiers": {
+ "summary": "Bootstrap Cross-Site Scripting (XSS) vulnerability",
+ "CVE": [
+ "CVE-2024-6484"
+ ],
+ "githubID": "GHSA-9mvj-f7w8-pvh2"
+ },
+ "info": [
+ "https://github.com/advisories/GHSA-9mvj-f7w8-pvh2",
+ "https://nvd.nist.gov/vuln/detail/CVE-2024-6484",
+ "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2024-6484.yml",
+ "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6484.yml",
+ "https://github.com/twbs/bootstrap",
+ "https://www.herodevs.com/vulnerability-directory/cve-2024-6484"
+ ]
+ },
+ {
+ "atOrAbove": "4.0.0",
+ "below": "999",
+ "cwe": [
+ "CWE-79"
+ ],
+ "severity": "medium",
+ "identifiers": {
+ "summary": "Bootstrap Cross-Site Scripting (XSS) vulnerability",
+ "CVE": [
+ "CVE-2024-6531"
+ ],
+ "githubID": "GHSA-vc8w-jr9v-vj7f"
+ },
+ "info": [
+ "https://github.com/advisories/GHSA-vc8w-jr9v-vj7f",
+ "https://nvd.nist.gov/vuln/detail/CVE-2024-6531",
+ "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6531.yml",
+ "https://github.com/twbs/bootstrap",
+ "https://www.herodevs.com/vulnerability-directory/cve-2024-6531"
+ ]
 }
 ],
 "extractors": {
@@ -5988,6 +6033,33 @@
 "info": [
 "https://github.com/axios/axios/pull/6300"
 ]
+ },
+ {
+ "atOrAbove": "1.3.2",
+ "below": "1.7.4",
+ "cwe": [
+ "CWE-918"
+ ],
+ "severity": "high",
+ "identifiers": {
+ "summary": "Server-Side Request Forgery in axios",
+ "CVE": [
+ "CVE-2024-39338"
+ ],
+ "githubID": "GHSA-8hc4-vh64-cxmj"
+ },
+ "info": [
+ "https://github.com/advisories/GHSA-8hc4-vh64-cxmj",
+ "https://nvd.nist.gov/vuln/detail/CVE-2024-39338",
+ "https://github.com/axios/axios/issues/6463",
+ "https://github.com/axios/axios/pull/6539",
+ "https://github.com/axios/axios/pull/6543",
+ "https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a",
+ "https://github.com/axios/axios",
+ "https://github.com/axios/axios/releases",
+ "https://github.com/axios/axios/releases/tag/v1.7.4",
+ "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
+ ]
 }
 ],
 "extractors": {