NodeJS/karma/2.0.0
Spectacular Test Runner for JavaScript.
https://www.npmjs.com/package/karma
MIT
2 Security Vulnerabilities
Cross-site Scripting in karma
Published date: 2022-02-06T00:00:54Z
CVE: CVE-2022-0437
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2022-0437
- https://github.com/karma-runner/karma/commit/839578c45a8ac42fbc1d72105f97eab77dd3eb8a
- https://huntr.dev/bounties/64b67ea1-5487-4382-a5f6-e8a95f798885
- https://github.com/karma-runner/karma/releases/tag/v6.3.14
- https://github.com/advisories/GHSA-7x7c-qm48-pq9c
karma prior to version 6.3.14 contains a cross-site scripting vulnerability.
Affected versions:
["0.8.0", "0.9.0-dart", "0.8.1", "0.8.2", "0.8.3", "0.9.0", "0.8.4", "0.9.1", "0.8.5", "0.9.2", "0.9.2-dart", "0.9.3", "0.8.6", "0.9.4", "0.8.7", "0.9.5", "0.9.6", "0.8.8", "0.9.7", "0.9.8", "0.10.0", "0.10.1", "0.10.2", "0.11.0", "0.11.1", "0.10.3", "0.10.4", "0.11.2", "0.11.3", "0.10.5", "0.11.4", "0.11.5", "0.10.6", "0.11.6", "0.10.7", "0.11.7", "0.11.8", "0.11.9", "0.10.8", "0.11.10", "0.11.11", "0.11.12", "0.10.9", "0.11.12-dev2", "0.11.13", "0.11.14", "0.12.0", "0.10.10", "0.12.1", "0.12.2", "0.12.3", "0.12.4", "0.12.5", "0.12.6", "0.12.6-beta-43e6e28", "0.12.7", "0.12.8", "0.12.9", "0.12.10", "0.12.11", "0.12.12", "0.12.11-beta-3029418", "0.12.13", "0.12.14", "0.12.15", "0.12.16", "0.12.16-beta-905422d", "0.12.17", "0.12.18", "0.12.19", "0.12.20", "0.12.21", "0.12.22", "0.12.23", "0.12.24", "0.12.24-beta-6cf7955", "0.12.25", "0.12.25-beta-37a7958", "0.12.25-beta-ad5bc24", "0.12.26", "0.12.27", "0.12.28", "0.12.28-beta-b9be580", "0.12.29", "0.12.30", "0.12.31", "0.12.28-beta-f65c864", "0.12.24-dev-test", "0.12.24-dev-socketio10", "0.12.24-dev-socketio10-2", "0.12.32-beta.0", "0.12.32", "0.13.0-rc.0", "0.12.33", "0.13.0-rc.1", "0.12.34", "0.13.0-rc.2", "0.12.35", "0.13.0-rc.3", "0.12.36", "0.13.0-rc.4", "0.12.37", "0.13.0-rc.5", "0.13.0-rc.6", "0.13.0-rc.7", "0.13.0-rc.8", "0.13.0-rc.9", "0.13.0", "0.13.1", "0.13.2", "0.13.3", "0.13.4", "0.13.5", "0.13.6", "0.13.7", "0.13.8", "0.13.9", "0.13.10", "0.13.11", "0.13.12", "0.13.13", "0.13.14", "0.13.15", "0.13.16", "0.13.17", "0.13.18", "0.13.19", "0.13.20", "0.13.21", "0.13.22", "1.0.0", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.3.0", "1.4.0", "1.4.1", "1.5.0", "1.6.0", "1.7.0", "1.7.1", "2.0.0", "2.0.2", "2.0.3", "2.0.4", "2.0.5", "3.0.0", "3.1.0", "3.1.1", "3.1.2", "3.1.3", "3.1.4", "4.0.0", "4.0.1", "4.1.0", "4.2.0", "4.3.0", "4.4.0", "4.4.1", "5.0.0", "5.0.1", "5.0.2", "5.0.3", "5.0.4", "5.0.5", "5.0.6", "5.0.7", "5.0.8", "5.0.9", "5.1.0", "5.1.1", "5.2.0", "5.2.1", "5.2.2", "5.2.3", "6.0.0", "6.0.1", "6.0.2", "6.0.3", "6.0.4", "6.1.0", "6.1.1", "6.1.2", "6.2.0", "6.3.0", "6.3.1", "6.3.2", "6.3.3", "6.3.4", "6.3.5", "6.3.6", "6.3.7", "6.3.8", "6.3.9", "6.3.10", "6.3.11", "6.3.12", "6.3.13"]
Secure versions:
[6.3.16, 6.3.17, 6.3.18, 6.3.19, 6.3.20, 6.4.0, 6.4.1, 6.4.2, 6.4.3]
Recommendation:
Update to version 6.4.3.
Open redirect in karma
Published date: 2022-02-26T00:00:38Z
CVE: CVE-2021-23495
Links:
Karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.
Affected versions:
["0.8.0", "0.9.0-dart", "0.8.1", "0.8.2", "0.8.3", "0.9.0", "0.8.4", "0.9.1", "0.8.5", "0.9.2", "0.9.2-dart", "0.9.3", "0.8.6", "0.9.4", "0.8.7", "0.9.5", "0.9.6", "0.8.8", "0.9.7", "0.9.8", "0.10.0", "0.10.1", "0.10.2", "0.11.0", "0.11.1", "0.10.3", "0.10.4", "0.11.2", "0.11.3", "0.10.5", "0.11.4", "0.11.5", "0.10.6", "0.11.6", "0.10.7", "0.11.7", "0.11.8", "0.11.9", "0.10.8", "0.11.10", "0.11.11", "0.11.12", "0.10.9", "0.11.12-dev2", "0.11.13", "0.11.14", "0.12.0", "0.10.10", "0.12.1", "0.12.2", "0.12.3", "0.12.4", "0.12.5", "0.12.6", "0.12.6-beta-43e6e28", "0.12.7", "0.12.8", "0.12.9", "0.12.10", "0.12.11", "0.12.12", "0.12.11-beta-3029418", "0.12.13", "0.12.14", "0.12.15", "0.12.16", "0.12.16-beta-905422d", "0.12.17", "0.12.18", "0.12.19", "0.12.20", "0.12.21", "0.12.22", "0.12.23", "0.12.24", "0.12.24-beta-6cf7955", "0.12.25", "0.12.25-beta-37a7958", "0.12.25-beta-ad5bc24", "0.12.26", "0.12.27", "0.12.28", "0.12.28-beta-b9be580", "0.12.29", "0.12.30", "0.12.31", "0.12.28-beta-f65c864", "0.12.24-dev-test", "0.12.24-dev-socketio10", "0.12.24-dev-socketio10-2", "0.12.32-beta.0", "0.12.32", "0.13.0-rc.0", "0.12.33", "0.13.0-rc.1", "0.12.34", "0.13.0-rc.2", "0.12.35", "0.13.0-rc.3", "0.12.36", "0.13.0-rc.4", "0.12.37", "0.13.0-rc.5", "0.13.0-rc.6", "0.13.0-rc.7", "0.13.0-rc.8", "0.13.0-rc.9", "0.13.0", "0.13.1", "0.13.2", "0.13.3", "0.13.4", "0.13.5", "0.13.6", "0.13.7", "0.13.8", "0.13.9", "0.13.10", "0.13.11", "0.13.12", "0.13.13", "0.13.14", "0.13.15", "0.13.16", "0.13.17", "0.13.18", "0.13.19", "0.13.20", "0.13.21", "0.13.22", "1.0.0", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.3.0", "1.4.0", "1.4.1", "1.5.0", "1.6.0", "1.7.0", "1.7.1", "2.0.0", "2.0.2", "2.0.3", "2.0.4", "2.0.5", "3.0.0", "3.1.0", "3.1.1", "3.1.2", "3.1.3", "3.1.4", "4.0.0", "4.0.1", "4.1.0", "4.2.0", "4.3.0", "4.4.0", "4.4.1", "5.0.0", "5.0.1", "5.0.2", "5.0.3", "5.0.4", "5.0.5", "5.0.6", "5.0.7", "5.0.8", "5.0.9", "5.1.0", "5.1.1", "5.2.0", "5.2.1", "5.2.2", "5.2.3", "6.0.0", "6.0.1", "6.0.2", "6.0.3", "6.0.4", "6.1.0", "6.1.1", "6.1.2", "6.2.0", "6.3.0", "6.3.1", "6.3.2", "6.3.3", "6.3.4", "6.3.5", "6.3.6", "6.3.7", "6.3.8", "6.3.9", "6.3.10", "6.3.11", "6.3.12", "6.3.13", "6.3.14", "6.3.15"]
Secure versions:
[6.3.16, 6.3.17, 6.3.18, 6.3.19, 6.3.20, 6.4.0, 6.4.1, 6.4.2, 6.4.3]
Recommendation:
Update to version 6.4.3.
210 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 0.9.0-dart | MIT | 2 | 2013-03-26 - 03:33 | about 11 years |
| 0.8.8 | MIT | 2 | 2013-07-31 - 04:29 | over 10 years |
| 0.8.7 | MIT | 2 | 2013-07-19 - 02:49 | almost 11 years |
| 0.8.6 | MIT | 2 | 2013-06-17 - 06:38 | almost 11 years |
| 0.8.5 | MIT | 2 | 2013-04-13 - 07:52 | about 11 years |
| 0.8.4 | MIT | 2 | 2013-04-03 - 22:19 | about 11 years |
| 0.8.3 | MIT | 2 | 2013-04-02 - 22:26 | about 11 years |
| 0.8.2 | MIT | 2 | 2013-04-02 - 05:27 | about 11 years |
| 0.8.1 | MIT | 2 | 2013-03-29 - 23:35 | about 11 years |
| 0.8.0 | MIT | 2 | 2013-03-18 - 23:23 | about 11 years |