Common Weakness Enumeration

CWE-1104

Allowed

Use of Unmaintained Third Party Components

Abstraction: Base · Status: Incomplete

The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.

45 vulnerabilities reference this CWE, most recent first.

GHSA-32F8-HMR3-7VXG

Vulnerability from github – Published: 2024-06-11 18:30 – Updated: 2024-06-11 19:57
VLAI
Summary
Azure Storage Movement Client Library Denial of Service Vulnerability
Details

Azure Storage Movement Client Library Denial of Service Vulnerability

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.Azure.Storage.DataMovement"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-35252"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1104"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-11T19:57:04Z",
    "nvd_published_at": "2024-06-11T17:16:02Z",
    "severity": "HIGH"
  },
  "details": "Azure Storage Movement Client Library Denial of Service Vulnerability",
  "id": "GHSA-32f8-hmr3-7vxg",
  "modified": "2024-06-11T19:57:05Z",
  "published": "2024-06-11T18:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35252"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Azure/azure-storage-net-data-movement"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35252"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Azure Storage Movement Client Library Denial of Service Vulnerability"
}

GHSA-34H3-V5R4-2979

Vulnerability from github – Published: 2026-03-26 15:30 – Updated: 2026-03-26 15:30
VLAI
Details

HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-55277"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1104"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-26T13:16:27Z",
    "severity": "LOW"
  },
  "details": "HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the application.",
  "id": "GHSA-34h3-v5r4-2979",
  "modified": "2026-03-26T15:30:39Z",
  "published": "2026-03-26T15:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55277"
    },
    {
      "type": "WEB",
      "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0129793"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-36M4-PCQV-XCXP

Vulnerability from github – Published: 2025-10-27 12:32 – Updated: 2025-10-27 12:32
VLAI
Details

The device is running an outdated operating system, which may be susceptible to known vulnerabilities.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10561"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1104"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-27T10:15:36Z",
    "severity": "CRITICAL"
  },
  "details": "The device is running an outdated operating system, which may be susceptible to known vulnerabilities.",
  "id": "GHSA-36m4-pcqv-xcxp",
  "modified": "2025-10-27T12:32:50Z",
  "published": "2025-10-27T12:32:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10561"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/psirt"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/3.1"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.json"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4HM3-RC3W-G6PC

Vulnerability from github – Published: 2025-09-10 15:31 – Updated: 2025-09-10 15:31
VLAI
Details

Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vulnerable third-party packages such as Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe, and others.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10220"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1104"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-10T13:15:35Z",
    "severity": "CRITICAL"
  },
  "details": "Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vulnerable third-party packages such as Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe, and others.",
  "id": "GHSA-4hm3-rc3w-g6pc",
  "modified": "2025-09-10T15:31:16Z",
  "published": "2025-09-10T15:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10220"
    },
    {
      "type": "WEB",
      "url": "https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-5H75-X63Q-JGXV

Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2025-04-15 15:30
VLAI
Details

An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-46871"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1104"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-22T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox \u003c 108.",
  "id": "GHSA-5h75-x63q-jgxv",
  "modified": "2025-04-15T15:30:37Z",
  "published": "2022-12-22T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46871"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795697"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-06"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-13"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5322"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5355"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-51"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5PWW-X83Q-7GJH

Vulnerability from github – Published: 2025-05-16 18:31 – Updated: 2025-05-17 03:30
VLAI
Details

BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities.

Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755.

BSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-40906"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1104",
      "CWE-122"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-16T16:15:41Z",
    "severity": "CRITICAL"
  },
  "details": "BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities.\n\nThose include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. \n\nBSON-XS was the official Perl XS implementation of MongoDB\u0027s BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.",
  "id": "GHSA-5pww-x83q-7gjh",
  "modified": "2025-05-17T03:30:32Z",
  "published": "2025-05-16T18:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40906"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mongodb.com/community/forums/t/mongodb-perl-driver-end-of-life/7890"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69J9-XJ6J-FMPQ

Vulnerability from github – Published: 2023-11-22 03:30 – Updated: 2023-11-22 03:30
VLAI
Details

Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22142"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1104"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-22T01:15:07Z",
    "severity": "MODERATE"
  },
  "details": "Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.",
  "id": "GHSA-69j9-xj6j-fmpq",
  "modified": "2023-11-22T03:30:19Z",
  "published": "2023-11-22T03:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22142"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964/1"
    },
    {
      "type": "WEB",
      "url": "https://www.elastic.co/community/security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7XH3-2PJ7-GXGM

Vulnerability from github – Published: 2025-01-22 03:30 – Updated: 2025-01-24 00:31
VLAI
Details

This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components).

Users are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23087"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1104"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-22T02:15:34Z",
    "severity": "HIGH"
  },
  "details": "This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components).\n\nUsers are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support.",
  "id": "GHSA-7xh3-2pj7-gxgm",
  "modified": "2025-01-24T00:31:46Z",
  "published": "2025-01-22T03:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23087"
    },
    {
      "type": "WEB",
      "url": "https://endoflife.date/nodejs"
    },
    {
      "type": "WEB",
      "url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-872C-WM88-24F5

Vulnerability from github – Published: 2025-10-03 21:30 – Updated: 2025-10-10 15:31
VLAI
Details

HCL MyXalytics 

6.6.  product is affected by Use of Vulnerable/Outdated Versions Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-52658"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1021",
      "CWE-1104"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-03T19:15:46Z",
    "severity": "LOW"
  },
  "details": "HCL MyXalytics\u00a0 \n\n6.6.\u00a0 product is affected by Use of Vulnerable/Outdated Versions Vulnerability",
  "id": "GHSA-872c-wm88-24f5",
  "modified": "2025-10-10T15:31:27Z",
  "published": "2025-10-03T21:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52658"
    },
    {
      "type": "WEB",
      "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0124411"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C878-94H7-33G3

Vulnerability from github – Published: 2025-09-19 21:31 – Updated: 2025-09-24 21:30
VLAI
Details

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fips (released May 2016), which has been end-of-life since 2019 and is no longer supported by the OpenSSL project. Continued use of this outdated cryptographic library exposes deployments to known vulnerabilities that are no longer patched, weakening the overall security posture. Affected daemons may emit deprecation warnings and rely on cryptographic components with unresolved security flaws, potentially enabling attackers to exploit weaknesses in TLS/SSL processing or cryptographic operations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-34192"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1104"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-19T19:15:39Z",
    "severity": "CRITICAL"
  },
  "details": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fips (released May 2016), which has been end-of-life since 2019 and is no longer supported by the OpenSSL project. Continued use of this outdated cryptographic library exposes deployments to known vulnerabilities that are no longer patched, weakening the overall security posture. Affected daemons may emit deprecation warnings and rely on cryptographic components with unresolved security flaws, potentially enabling attackers to exploit weaknesses in TLS/SSL processing or cryptographic operations.",
  "id": "GHSA-c878-94h7-33g3",
  "modified": "2025-09-24T21:30:35Z",
  "published": "2025-09-19T21:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34192"
    },
    {
      "type": "WEB",
      "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
    },
    {
      "type": "WEB",
      "url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm"
    },
    {
      "type": "WEB",
      "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#mac-outdated-openssl"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-usage-of-outdated-and-unsupported-openssl-version"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.