wordpress/6.6 package update #24066
octo-sts (bot) commented Jul 16, 2024
Signed-off-by: wolfi-bot <[email protected]>
Package wordpress:
Package wordpress-oci-entrypoint:
bincapz found differences:
Added: wordpress/usr/src/wordpress/wp-includes/html-api/class-wp-html-decoder.php
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | evasion/non_printable_chars | non-printable values unexpectedly passed to a function | <?php return '� return string Converted code point, or � return the Unicode Replacement Character U+FFFD � return the replacement character `� |
+LOW | evasion/bitwise_math | uses bitwise math | point >> 12 point >> 18 point >> 6 |
+LOW | ref/site/url | contains embedded HTTPS URLs | https://infra.spec.whatwg.org/ https://www.rfc-editor.org/rfc/rfc3629 |
Added: wordpress/usr/src/wordpress/wp-includes/js/dist/vendor/react-jsx-runtime.js [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | ref/path/relative | references and possibly executes relative path | ./cjs ./node_modules |
+MEDIUM | ref/words/exclamation | gets very excited | n return !! |
+LOW | ref/site/url | contains embedded HTTPS URLs | facebook/react#13610 facebook/react#19099 facebook/react#22064 reactjs/rfcs#107 https://reactjs.org/docs/react-api.html https://reactjs.org/link/special-props https://reactjs.org/link/strict-mode-string-ref https://reactjs.org/link/warning-keys https://webpack.js.org/configuration/devtool/ https://webpack.js.org/configuration/mode/ |
Added: wordpress/usr/src/wordpress/wp-includes/html-api/html5-named-character-references.php [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | net/download | download files | needing to download it |
+MEDIUM | ref/words/exclamation | gets very excited | THIS ENTIRE FILE IS AUTOMATICALLY GENERATED !!! |
+LOW | ref/site/url | contains embedded HTTPS URLs | https://html.spec.whatwg.org/entities.json. |
Changed: /tmp/wolfictl-apk-3041734554/wordpress/usr/src/wordpress/wp-includes/class-wp-token-map.php [⚠️ MEDIUM → ✅ ]
2 removed behaviors
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | net/download | download files | downloadLocation |
-LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/ba4cdd897fd65a8b891d996e2210 |
Changed: /tmp/wolfictl-apk-3041734554/wordpress/usr/src/wordpress/wp-includes/blocks/media-text.php [⚠️ MEDIUM → ✅ ]
2 removed behaviors
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | net/download | download files | downloadLocation |
-LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/ba4cdd897fd65a8b891d996e2210 |
Changed: /tmp/wolfictl-apk-3041734554/wordpress/usr/src/wordpress/wp-includes/http.php [⚠️ MEDIUM → 🔥 HIGH]
4 new behaviors
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+HIGH | ref/ip_port | hardcoded IP:port destination | 198.143.164.252:81 |
+MEDIUM | 3P/threat_hunting/owasp | references 'OWASP' tool, by mthcht | /owasp |
+MEDIUM | ref/ip | hardcoded IP address | 198.143.164.252 |
+MEDIUM | ref/site/php | accesses hardcoded PHP endpoint | http://192.168.0.1/caniload.php http://exampleeeee.com/caniload.php |
Changed: /tmp/wolfictl-apk-3041734554/wordpress/usr/src/wordpress/wp-includes/blocks/button.php [⚠️ MEDIUM → ✅ LOW]
1 new behaviors
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | ref/words/plugin | references a 'plugin' | block has been modified by a plugin |
1 removed behaviors
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | net/download | download files | downloadLocation |
Changed: /tmp/wolfictl-apk-3041734554/wordpress/usr/src/wordpress/wp-admin/user/contribute.php [⚠️ MEDIUM → ✅ ]
2 removed behaviors
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | net/download | download files | downloadLocation |
-LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/ba4cdd897fd65a8b891d996e2210 |
Moved: wordpress/var/lib/db/sbom/wordpress-6.5.5-r1.spdx.json -> /tmp/wolfictl-apk-3041734554/wordpress/var/lib/db/sbom/wordpress-6.6-r0.spdx.json (similarity: 0.96)
Changed: /tmp/wolfictl-apk-3041734554/wordpress/usr/src/wordpress/wp-includes/blocks/list.php [⚠️ MEDIUM → ✅ LOW]
1 removed behaviors
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | net/download | download files | downloadLocation |