Hello,

 

We have identified that several JavaScript libraries used in the system are outdated and contain publicly known security vulnerabilities. If these libraries are not updated with their latest security patches, they could expose the system to potential attacks or unauthorized access.

 

References:{}

•CWE-1104: Use of Unmaintained Third-Party Components

•Underscore.js Package Versions

•Axios Release Notes

 

Affected Files:{}

• /download/batch/com.atlassian.crowd.crowd-frontend-plugin:split_vendors-node_modules_axios_index_js-node_modules_lodash_get_js-node_modules_lodash_merge_js-n-458b87/com.atlassian.crowd.crowd-frontend-plugin:split_vendors-node_modules_axios_index_js-node_modules_lodash_get_js-node_modules_lodash_merge_js-n-458b87.js

• /download/contextbatch/js/aui,atl.general,bamboo.configuration,-_super/batch.js?locale=en

 

Additional Vulnerabilities Identified:{}

•CVE-2023-45857{}

•CVE-2021-23358{}