CVEs Impacting Pipelines

JFrog Release Information

| CVE | Severity | Pipelines Fix Version | Reason |
|---|---|---|---|
| CVE-2023-2253 | Medium | 1.55.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-45285 | High | 1.55.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-4039 | Medium | 1.54.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2019-13224 | Medium | 1.54.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2017-9226 | Medium | 1.54.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2019-16163 | Medium | 1.54.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-45853 | Medium | 1.54.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2019-19204 | Medium | 1.54.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-45287 | High | 1.54.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-27533 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-0401 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-211304 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-2309 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-187869 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-38039 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-23916 | Medium | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-27406 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-35945 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2016-7798 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-0217 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-32206 | Medium | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-41742 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-27776 | Medium | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-28319 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-2804 | Medium | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-48174 | Critical | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2021-46463 | Critical | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-4911 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-34969 | Medium | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-38545 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-4813 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-4527 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-4806 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-2603 | Medium | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2017-8399 | Critical | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-27774 | Medium | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2000-1254 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2021-46462 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-43551 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-40303 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2021-42373 | Medium | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-208864 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-194621 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-32207 | Critical | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2021-4160 | Medium | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-199539 | Medium | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-32221 | Critical | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-42916 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-194917 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-27782 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-41741 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-187870 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-42915 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2021-46461 | Critical | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2018-25032 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-178746 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-22576 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-37434 | Critical | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-188263 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-177934 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-29824 | Medium | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-27780 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-28391 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-0286 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-27775 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-2097 | Medium | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-23915 | Medium | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-208638 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-209461 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-30115 | Medium | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2021-30560 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-2068 | Critical | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-27774 | Medium | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-27404 | Critical | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2021-42377 | Critical | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-1292 | Critical | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-203229 | Critical | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-178266 | Critical | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-23914 | Critical | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-27775 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-210287 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-40304 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-199230 | Critical | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-0778 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-0216 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-1271 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-178745 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-1999 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-200872 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-187517 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-25139 | Critical | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-187662 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-27405 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-194918 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-174332 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-2004 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-139470 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-27781 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| XRAY-187364 | High | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-28154 | Critical | 1.52.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-22578 | Critical | 1.51.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-38545 | High | 1.50.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-2603 | Medium | 1.50.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-38545 | High | 1.49.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-39323 | Critical | 1.49.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-39318 | Medium | 1.49.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-39319 | Medium | 1.49.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2020-1712 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-29526 | Medium | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2021-31879 | Medium | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-29403 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2021-23177 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2020-21674 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2016-4074 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2017-14502 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-36227 | Critical | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2021-31566 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-32149 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-27561 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-25173 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-24921 | High | 1.27.0 | A user can cause stack exhaustion using JFrog CLI in a step, but this would merely lead to a step failing. |
| CVE-2022-30634 | High | 1.27.0 | JFrog CLI prevents a max buffer from being passed by the user. |
| CVE-2022-0235 | Medium | 1.24.0 | Removed node-fetch dependency. |