Using Components With Known Vulnerabilities

Most projects use third-party dependencies to handle various kinds of operations, e.g. generating documents in a specific format, HTTP communications, parsing data in a specific format, etc. This is a good approach because it allows the development team to focus on the application code that supports the expected business features. The expected downside is that the security posture of the application now rests on those dependencies.

References

  1. https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities
  2. https://cheatsheetseries.owasp.org/cheatsheets/Vulnerable_Dependency_Management_Cheat_Sheet.html
  3. https://www.slideshare.net/anantshri/understanding-the-known-owasp-a9-using-components-with-known-vulnerabilities
  4. https://github.com/OWASP/ASVS/blob/v4.0.2/4.0/en/0x22-V14-Config.md#v142-dependency

List of Using Components with Known Vulnerabilities Flaws

| Status | Component Name | Version | Disclosed By | Disclosure Date | Access Level | CVE-Number |
|---|---|---|---|---|---|---|
| | wp-plugin : youtubefreedown | 1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : wp-royal-gallery | 2 | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : wp-lightpop | 0.8.5.6 | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : soundslides | | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : so-audible | | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : simple-flash-video | 1.7 | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : secure-html5-video-player | 3.3 | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : s3audible-amazon-s3-music-player | | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : qiniu-uploader | 0.1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : podcasting | 3.0.8 | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : pb-embedflash | 1.5.1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : microaudio | 0.6.2 | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : mc2-custom-help-videos | | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : link2player | | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : html5-lyrics-karaoke-player | <1.07 | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : html5-jquery-audio-player | | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : grand-media | | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : global-flash-galleries | 0.13.4 | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : foliopress-wysiwyg | 2.6.8.5 | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : bookshelf | 2 | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |
| | wp-plugin : audio | | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |