Skip to content

swfobject-2.2.js: 1 vulnerabilities (highest severity is: 9.8) #6

Description

@mend-for-github-com
Vulnerable Library - swfobject-2.2.js

SWFObject is an easy-to-use and standards-friendly method to embed Flash content, which utilizes one small JavaScript file

Library home page: https://cdnjs.cloudflare.com/ajax/libs/swfobject/2.2/swfobject.js

Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982

Vulnerabilities

Vulnerability Severity CVSS Dependency Type Fixed in (swfobject version) Remediation Possible**
CVE-2012-2400 Critical 9.8 swfobject-2.2.js Direct 3.3.2

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2012-2400

Vulnerable Library - swfobject-2.2.js

SWFObject is an easy-to-use and standards-friendly method to embed Flash content, which utilizes one small JavaScript file

Library home page: https://cdnjs.cloudflare.com/ajax/libs/swfobject/2.2/swfobject.js

Dependency Hierarchy:

  • swfobject-2.2.js (Vulnerable Library)

Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982

Found in base branch: AltoroJ-3.2

Vulnerability Details

Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors.

Publish Date: 2012-04-21

URL: CVE-2012-2400

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2400

Release Date: 2012-04-21

Fix Resolution: 3.3.2

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions