CVEs Impacting Pipelines

JFrog Release Information

| CVE | Severity | Pipelines Fix Version | Reason |
|---|---|---|---|
| CVE-2020-1712 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-29526 | Medium | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2021-31879 | Medium | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-29403 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2021-23177 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2020-21674 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2016-4074 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2017-14502 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-36227 | Critical | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2021-31566 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-32149 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-27561 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2023-25173 | High | 1.44.0 | Build runtimes were vulnerable to malicious scripts. |
| CVE-2022-24921 | High | 1.27.0 | A user can cause stack exhaustion using JFrog CLI in a step, but this would merely lead to the step failing. |
| CVE-2022-30634 | High | 1.27.0 | JFrog CLI prevents a maximum buffer size from being passed by the user. |
| CVE-2022-0235 | Medium | 1.24.0 | Removed the node-fetch dependency. |