CWE-1104
AllowedUse of Unmaintained Third Party Components
Abstraction: Base · Status: Incomplete
The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.
45 vulnerabilities reference this CWE, most recent first.
GHSA-32F8-HMR3-7VXG
Vulnerability from github – Published: 2024-06-11 18:30 – Updated: 2024-06-11 19:57Azure Storage Movement Client Library Denial of Service Vulnerability
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.Azure.Storage.DataMovement"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-35252"
],
"database_specific": {
"cwe_ids": [
"CWE-1104"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-11T19:57:04Z",
"nvd_published_at": "2024-06-11T17:16:02Z",
"severity": "HIGH"
},
"details": "Azure Storage Movement Client Library Denial of Service Vulnerability",
"id": "GHSA-32f8-hmr3-7vxg",
"modified": "2024-06-11T19:57:05Z",
"published": "2024-06-11T18:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35252"
},
{
"type": "PACKAGE",
"url": "https://github.com/Azure/azure-storage-net-data-movement"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35252"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Azure Storage Movement Client Library Denial of Service Vulnerability"
}
GHSA-34H3-V5R4-2979
Vulnerability from github – Published: 2026-03-26 15:30 – Updated: 2026-03-26 15:30HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the application.
{
"affected": [],
"aliases": [
"CVE-2025-55277"
],
"database_specific": {
"cwe_ids": [
"CWE-1104"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-26T13:16:27Z",
"severity": "LOW"
},
"details": "HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the application.",
"id": "GHSA-34h3-v5r4-2979",
"modified": "2026-03-26T15:30:39Z",
"published": "2026-03-26T15:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55277"
},
{
"type": "WEB",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0129793"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-36M4-PCQV-XCXP
Vulnerability from github – Published: 2025-10-27 12:32 – Updated: 2025-10-27 12:32The device is running an outdated operating system, which may be susceptible to known vulnerabilities.
{
"affected": [],
"aliases": [
"CVE-2025-10561"
],
"database_specific": {
"cwe_ids": [
"CWE-1104"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-27T10:15:36Z",
"severity": "CRITICAL"
},
"details": "The device is running an outdated operating system, which may be susceptible to known vulnerabilities.",
"id": "GHSA-36m4-pcqv-xcxp",
"modified": "2025-10-27T12:32:50Z",
"published": "2025-10-27T12:32:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10561"
},
{
"type": "WEB",
"url": "https://sick.com/psirt"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf"
},
{
"type": "WEB",
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4HM3-RC3W-G6PC
Vulnerability from github – Published: 2025-09-10 15:31 – Updated: 2025-09-10 15:31Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vulnerable third-party packages such as Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe, and others.
{
"affected": [],
"aliases": [
"CVE-2025-10220"
],
"database_specific": {
"cwe_ids": [
"CWE-1104"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-10T13:15:35Z",
"severity": "CRITICAL"
},
"details": "Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vulnerable third-party packages such as Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe, and others.",
"id": "GHSA-4hm3-rc3w-g6pc",
"modified": "2025-09-10T15:31:16Z",
"published": "2025-09-10T15:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10220"
},
{
"type": "WEB",
"url": "https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5H75-X63Q-JGXV
Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2025-04-15 15:30An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.
{
"affected": [],
"aliases": [
"CVE-2022-46871"
],
"database_specific": {
"cwe_ids": [
"CWE-1104"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-22T20:15:00Z",
"severity": "HIGH"
},
"details": "An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox \u003c 108.",
"id": "GHSA-5h75-x63q-jgxv",
"modified": "2025-04-15T15:30:37Z",
"published": "2022-12-22T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46871"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795697"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00018.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-06"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-13"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5322"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5355"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-51"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5PWW-X83Q-7GJH
Vulnerability from github – Published: 2025-05-16 18:31 – Updated: 2025-05-17 03:30BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities.
Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755.
BSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.
{
"affected": [],
"aliases": [
"CVE-2025-40906"
],
"database_specific": {
"cwe_ids": [
"CWE-1104",
"CWE-122"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-16T16:15:41Z",
"severity": "CRITICAL"
},
"details": "BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities.\n\nThose include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. \n\nBSON-XS was the official Perl XS implementation of MongoDB\u0027s BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.",
"id": "GHSA-5pww-x83q-7gjh",
"modified": "2025-05-17T03:30:32Z",
"published": "2025-05-16T18:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40906"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html"
},
{
"type": "WEB",
"url": "https://www.mongodb.com/community/forums/t/mongodb-perl-driver-end-of-life/7890"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-69J9-XJ6J-FMPQ
Vulnerability from github – Published: 2023-11-22 03:30 – Updated: 2023-11-22 03:30Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.
{
"affected": [],
"aliases": [
"CVE-2021-22142"
],
"database_specific": {
"cwe_ids": [
"CWE-1104"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-22T01:15:07Z",
"severity": "MODERATE"
},
"details": "Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.",
"id": "GHSA-69j9-xj6j-fmpq",
"modified": "2023-11-22T03:30:19Z",
"published": "2023-11-22T03:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22142"
},
{
"type": "WEB",
"url": "https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964/1"
},
{
"type": "WEB",
"url": "https://www.elastic.co/community/security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7XH3-2PJ7-GXGM
Vulnerability from github – Published: 2025-01-22 03:30 – Updated: 2025-01-24 00:31This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components).
Users are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support.
{
"affected": [],
"aliases": [
"CVE-2025-23087"
],
"database_specific": {
"cwe_ids": [
"CWE-1104"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-22T02:15:34Z",
"severity": "HIGH"
},
"details": "This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components).\n\nUsers are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support.",
"id": "GHSA-7xh3-2pj7-gxgm",
"modified": "2025-01-24T00:31:46Z",
"published": "2025-01-22T03:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23087"
},
{
"type": "WEB",
"url": "https://endoflife.date/nodejs"
},
{
"type": "WEB",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-872C-WM88-24F5
Vulnerability from github – Published: 2025-10-03 21:30 – Updated: 2025-10-10 15:31HCL MyXalytics
6.6. product is affected by Use of Vulnerable/Outdated Versions Vulnerability
{
"affected": [],
"aliases": [
"CVE-2025-52658"
],
"database_specific": {
"cwe_ids": [
"CWE-1021",
"CWE-1104"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-03T19:15:46Z",
"severity": "LOW"
},
"details": "HCL MyXalytics\u00a0 \n\n6.6.\u00a0 product is affected by Use of Vulnerable/Outdated Versions Vulnerability",
"id": "GHSA-872c-wm88-24f5",
"modified": "2025-10-10T15:31:27Z",
"published": "2025-10-03T21:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52658"
},
{
"type": "WEB",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0124411"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C878-94H7-33G3
Vulnerability from github – Published: 2025-09-19 21:31 – Updated: 2025-09-24 21:30Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fips (released May 2016), which has been end-of-life since 2019 and is no longer supported by the OpenSSL project. Continued use of this outdated cryptographic library exposes deployments to known vulnerabilities that are no longer patched, weakening the overall security posture. Affected daemons may emit deprecation warnings and rely on cryptographic components with unresolved security flaws, potentially enabling attackers to exploit weaknesses in TLS/SSL processing or cryptographic operations.
{
"affected": [],
"aliases": [
"CVE-2025-34192"
],
"database_specific": {
"cwe_ids": [
"CWE-1104"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-19T19:15:39Z",
"severity": "CRITICAL"
},
"details": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fips (released May 2016), which has been end-of-life since 2019 and is no longer supported by the OpenSSL project. Continued use of this outdated cryptographic library exposes deployments to known vulnerabilities that are no longer patched, weakening the overall security posture. Affected daemons may emit deprecation warnings and rely on cryptographic components with unresolved security flaws, potentially enabling attackers to exploit weaknesses in TLS/SSL processing or cryptographic operations.",
"id": "GHSA-c878-94h7-33g3",
"modified": "2025-09-24T21:30:35Z",
"published": "2025-09-19T21:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34192"
},
{
"type": "WEB",
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
},
{
"type": "WEB",
"url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm"
},
{
"type": "WEB",
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#mac-outdated-openssl"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-usage-of-outdated-and-unsupported-openssl-version"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.