Vulnerabilities Dashboard - Dependencies #18

Open
mantel-group-nullify bot opened this issue Dec 3, 2024 · 0 comments

mantel-group-nullify bot commented Dec 3, 2024

Severity Threshold: 🔵 MEDIUM

Repository Summary

🔴 CRITICAL 🟡 HIGH 🔵 MEDIUM ⚪ LOW
13 53 38 0

package-lock.json

🔴 CRITICAL 🟡 HIGH 🔵 MEDIUM ⚪ LOW
2 16 13 0

ID: 01JE5DHAKP220SB78428CQE871 Package: lodash Version: 4.17.4 Vulnerabilities: 7 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-3721 MEDIUM Prototype Pollution in lodash 4.17.4 Initial Release 4.17.5 NEGLIGIBLE
CVE-2018-16487 HIGH Prototype Pollution in lodash 4.17.4 Initial Release 4.17.11 NEGLIGIBLE
CVE-2019-1010266 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.17.4 Initial Release 4.17.11 NEGLIGIBLE
SNYK-JS-LODASH-73639 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.17.4 Initial Release 4.17.11 NEGLIGIBLE
CVE-2019-10744 CRITICAL Prototype Pollution in lodash 4.17.4 Initial Release 4.17.14 NEGLIGIBLE
SNYK-JS-LODASH-450202 CRITICAL Prototype Pollution in lodash 4.17.4 Initial Release 4.17.14 NEGLIGIBLE
CVE-2020-8203 HIGH Prototype Pollution in lodash 4.17.4 Initial Release 4.17.20 NEGLIGIBLE
CVE-2020-28500 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGFUJIONWEBJARS-1074896 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARS-1074894 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1074892 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1074893 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JS-LODASH-1018905 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
CVE-2021-23337 HIGH Command Injection in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGFUJIONWEBJARS-1074932 HIGH Command Injection in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARS-1074930 HIGH Command Injection in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1074928 HIGH Command Injection in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931 HIGH Command Injection in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1074929 HIGH Command Injection in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JS-LODASH-1040724 HIGH Command Injection in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE

ID: 01JE5DHAKP220SB78426D2VKAA Package: json-schema Version: 0.2.3 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2021-3918 CRITICAL json-schema is vulnerable to Prototype Pollution 0.2.3 Initial Release 0.4.0 NEGLIGIBLE

ID: 01JE5DHAKP220SB7842G11A7E3 Package: node-forge Version: 0.7.1 Vulnerabilities: 5 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2020-7720 HIGH Prototype Pollution in node-forge 0.7.1 Initial Release 0.10.0 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-609293 HIGH Prototype Pollution in node-forge 0.7.1 Initial Release 0.10.0 NEGLIGIBLE
SNYK-JS-NODEFORGE-598677 HIGH Prototype Pollution in node-forge 0.7.1 Initial Release 0.10.0 NEGLIGIBLE
CVE-2022-0122 MEDIUM Open Redirect in node-forge 0.7.1 Initial Release 1.0.0 NEGLIGIBLE
CVE-2022-24773 MEDIUM Improper Verification of Cryptographic Signature in node-forge 0.7.1 Initial Release 1.3.0 NEGLIGIBLE
CVE-2022-24771 HIGH Improper Verification of Cryptographic Signature in node-forge 0.7.1 Initial Release 1.3.0 NEGLIGIBLE
CVE-2022-24772 HIGH Improper Verification of Cryptographic Signature in node-forge 0.7.1 Initial Release 1.3.0 NEGLIGIBLE

ID: 01JE5DHAKP220SB78425DJYWEE Package: hoek Version: 2.16.3 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-3728 HIGH Prototype Pollution in hoek 2.16.3 Initial Release 4.2.1 NEGLIGIBLE
CVE-2020-36604 HIGH hoek subject to prototype pollution via the clone function. 2.16.3 Initial Release 9.0.3 NEGLIGIBLE

ID: 01JE5DHAKP220SB7842SMCQ9PR Package: tough-cookie Version: 2.3.2 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-15010 HIGH Regular Expression Denial of Service in tough-cookie 2.3.2 Initial Release 2.3.3 NEGLIGIBLE
CVE-2023-26136 MEDIUM tough-cookie Prototype Pollution vulnerability 2.3.2 Initial Release 4.1.3 NEGLIGIBLE

ID: 01JE5DHAKP220SB7841SETCW8Z Package: async Version: 2.5.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2021-43138 HIGH Prototype Pollution in async 2.5.0 2.0.0 3.2.2 NEGLIGIBLE

ID: 01JE5DHAKP220SB7841X0D34HN Package: debug Version: 2.2.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-20165 HIGH debug Inefficient Regular Expression Complexity vulnerability 2.2.0 Initial Release 3.1.0 NEGLIGIBLE

ID: 01JE5DHAKP220SB7841Y69WBKC Package: dot-prop Version: 4.2.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2020-8116 HIGH dot-prop Prototype Pollution vulnerability 4.2.0 Initial Release 4.2.1 NEGLIGIBLE

ID: 01JE5DHAKP220SB78421R2FGWJ Package: hawk Version: 3.1.3 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2022-29167 HIGH Uncontrolled Resource Consumption in Hawk 3.1.3 Initial Release 9.0.1 NEGLIGIBLE

ID: 01JE5DHAKP220SB7842C2KHE5S Package: mime Version: 1.4.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-16138 HIGH mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input 1.4.0 Initial Release 2.0.3 NEGLIGIBLE

ID: 01JE5DHAKP220SB7842J4F9227 Package: qs Version: 6.4.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2022-24999 HIGH qs vulnerable to Prototype Pollution 6.4.0 Initial Release 6.10.3 NEGLIGIBLE

ID: 01JE5DHAKP220SB7842NJKJ46G Package: sshpk Version: 1.13.1 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-3737 HIGH Regular Expression Denial of Service in sshpk 1.13.1 Initial Release 1.13.2 NEGLIGIBLE

ID: 01JE5DHAKP220SB7841NGCC2CV Package: ajv Version: 4.11.8 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2020-15366 MEDIUM Prototype Pollution in Ajv 4.11.8 Initial Release 6.12.3 NEGLIGIBLE

ID: 01JE5DHAKP220SB7841WX7RSGX Package: base64url Version: 2.0.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
N/A MEDIUM Out-of-bounds Read in base64url 2.0.0 Initial Release 3.0.0 N/A

ID: 01JE5DHAKP220SB7841YH3G5V2 Package: extend Version: 3.0.1 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-16492 MEDIUM Prototype Pollution in extend 3.0.1 Initial Release 3.0.2 NEGLIGIBLE

ID: 01JE5DHAKP220SB7842FCMV35B Package: ms Version: 0.7.1 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-20162 MEDIUM Vercel ms Inefficient Regular Expression Complexity vulnerability 0.7.1 Initial Release 2.0.0 NEGLIGIBLE

ID: 01JE5DHAKP220SB7842J95F85H Package: request Version: 2.81.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2023-28155 MEDIUM Server-Side Request Forgery in Request 2.81.0 Initial Release 3.0.0 NEGLIGIBLE

ID: 01JE5DHAKP220SB7842RVT956E Package: stringstream Version: 0.0.5 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-21270 MEDIUM Out-of-bounds Read in stringstream 0.0.5 Initial Release 0.0.6 NEGLIGIBLE

ID: 01JE5DHAKP220SB7842WTWAVYT Package: xml2js Version: 0.4.19 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2023-0842 MEDIUM xml2js is vulnerable to prototype pollution 0.4.19 Initial Release 0.5.0 NEGLIGIBLE

package.json

🔴 CRITICAL 🟡 HIGH 🔵 MEDIUM ⚪ LOW
11 37 25 0

ID: 01JE5DHAKP220SB7840118GF7G Package: handlebars Version: 4.0.6 Vulnerabilities: 10 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
N/A HIGH Prototype Pollution in handlebars 4.0.6 Initial Release 4.1.2 N/A
CVE-2019-19919 CRITICAL Prototype Pollution in handlebars 4.0.6 Initial Release 4.3.0 NEGLIGIBLE
CVE-2019-20922 HIGH Regular Expression Denial of Service in Handlebars 4.0.6 4.0.0 4.4.5 NEGLIGIBLE
SNYK-JS-HANDLEBARS-480388 HIGH Regular Expression Denial of Service in Handlebars 4.0.6 4.0.0 4.4.5 NEGLIGIBLE
N/A MEDIUM Denial of Service in handlebars 4.0.6 4.0.0 4.4.5 N/A
N/A HIGH Arbitrary Code Execution in handlebars 4.0.6 4.0.0 4.5.2 N/A
CVE-2019-20920 HIGH Arbitrary Code Execution in Handlebars 4.0.6 4.0.0 4.5.3 NEGLIGIBLE
SNYK-JS-HANDLEBARS-534478 HIGH Arbitrary Code Execution in Handlebars 4.0.6 4.0.0 4.5.3 NEGLIGIBLE
N/A HIGH Prototype Pollution in handlebars 4.0.6 4.0.0 4.5.3 N/A
N/A HIGH Arbitrary Code Execution in handlebars 4.0.6 4.0.0 4.5.3 N/A
CVE-2021-23383 CRITICAL Prototype Pollution in handlebars 4.0.6 Initial Release 4.7.7 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARS-1279031 CRITICAL Prototype Pollution in handlebars 4.0.6 Initial Release 4.7.7 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1279032 CRITICAL Prototype Pollution in handlebars 4.0.6 Initial Release 4.7.7 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1279030 CRITICAL Prototype Pollution in handlebars 4.0.6 Initial Release 4.7.7 NEGLIGIBLE
SNYK-JS-HANDLEBARS-1279029 CRITICAL Prototype Pollution in handlebars 4.0.6 Initial Release 4.7.7 NEGLIGIBLE
CVE-2021-23369 CRITICAL Remote code execution in handlebars when compiling templates 4.0.6 Initial Release 4.7.7 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARS-1074950 CRITICAL Remote code execution in handlebars when compiling templates 4.0.6 Initial Release 4.7.7 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1074951 CRITICAL Remote code execution in handlebars when compiling templates 4.0.6 Initial Release 4.7.7 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1074952 CRITICAL Remote code execution in handlebars when compiling templates 4.0.6 Initial Release 4.7.7 NEGLIGIBLE
SNYK-JS-HANDLEBARS-1056767 CRITICAL Remote code execution in handlebars when compiling templates 4.0.6 Initial Release 4.7.7 NEGLIGIBLE

ID: 01JE5DHAKP220SB7840GTHRV05 Package: lodash Version: 4.9.0 Vulnerabilities: 7 Type: Direct

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-3721 MEDIUM Prototype Pollution in lodash 4.9.0 Initial Release 4.17.5 NEGLIGIBLE
CVE-2018-16487 HIGH Prototype Pollution in lodash 4.9.0 Initial Release 4.17.11 NEGLIGIBLE
CVE-2019-1010266 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.9.0 Initial Release 4.17.11 NEGLIGIBLE
SNYK-JS-LODASH-73639 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.9.0 Initial Release 4.17.11 NEGLIGIBLE
CVE-2019-10744 CRITICAL Prototype Pollution in lodash 4.9.0 Initial Release 4.17.14 NEGLIGIBLE
SNYK-JS-LODASH-450202 CRITICAL Prototype Pollution in lodash 4.9.0 Initial Release 4.17.14 NEGLIGIBLE
CVE-2020-8203 HIGH Prototype Pollution in lodash 4.9.0 Initial Release 4.17.20 NEGLIGIBLE
CVE-2020-28500 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGFUJIONWEBJARS-1074896 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARS-1074894 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1074892 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1074893 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JS-LODASH-1018905 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
CVE-2021-23337 HIGH Command Injection in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGFUJIONWEBJARS-1074932 HIGH Command Injection in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARS-1074930 HIGH Command Injection in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1074928 HIGH Command Injection in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931 HIGH Command Injection in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1074929 HIGH Command Injection in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JS-LODASH-1040724 HIGH Command Injection in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE

ID: 01JE5DHAKP220SB7840CTYKX0V Package: lodash Version: 3.7.0 Vulnerabilities: 7 Type: Direct

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2019-10744 CRITICAL Prototype Pollution in lodash 3.7.0 Initial Release 4.6.1 NEGLIGIBLE
SNYK-JS-LODASH-450202 CRITICAL Prototype Pollution in lodash 3.7.0 Initial Release 4.6.1 NEGLIGIBLE
CVE-2018-3721 MEDIUM Prototype Pollution in lodash 3.7.0 Initial Release 4.17.5 NEGLIGIBLE
CVE-2018-16487 HIGH Prototype Pollution in lodash 3.7.0 Initial Release 4.17.11 NEGLIGIBLE
CVE-2019-1010266 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.7.0 Initial Release 4.17.11 NEGLIGIBLE
SNYK-JS-LODASH-73639 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.7.0 Initial Release 4.17.11 NEGLIGIBLE
CVE-2020-8203 HIGH Prototype Pollution in lodash 3.7.0 Initial Release 4.17.20 NEGLIGIBLE
CVE-2020-28500 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGFUJIONWEBJARS-1074896 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARS-1074894 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1074892 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1074893 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JS-LODASH-1018905 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
CVE-2021-23337 HIGH Command Injection in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGFUJIONWEBJARS-1074932 HIGH Command Injection in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARS-1074930 HIGH Command Injection in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1074928 HIGH Command Injection in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931 HIGH Command Injection in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1074929 HIGH Command Injection in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JS-LODASH-1040724 HIGH Command Injection in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE

ID: 01JE5DHAKP220SB7840SH5TK1S Package: minimist Version: 1.2.0 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2020-7598 MEDIUM Prototype Pollution in minimist 1.2.0 1.0.0 1.2.3 NEGLIGIBLE
CVE-2021-44906 MEDIUM Prototype Pollution in minimist 1.2.0 1.0.0 1.2.3 NEGLIGIBLE
GHSA-xvch-5gv4-984h MEDIUM Prototype Pollution in minimist 1.2.0 1.0.0 1.2.3 NEGLIGIBLE
SNYK-JS-MINIMIST-559764 MEDIUM Prototype Pollution in minimist 1.2.0 1.0.0 1.2.3 NEGLIGIBLE
CVE-2020-7598 CRITICAL Prototype Pollution in minimist 1.2.0 Initial Release 1.2.6 NEGLIGIBLE
CVE-2021-44906 CRITICAL Prototype Pollution in minimist 1.2.0 Initial Release 1.2.6 NEGLIGIBLE
GHSA-vh95-rmgr-6w4m CRITICAL Prototype Pollution in minimist 1.2.0 Initial Release 1.2.6 NEGLIGIBLE
SNYK-JS-MINIMIST-559764 CRITICAL Prototype Pollution in minimist 1.2.0 Initial Release 1.2.6 NEGLIGIBLE

ID: 01JE5DHAKP220SB7840SF4QJ5Y Package: minimist Version: 0.0.8 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2020-7598 MEDIUM Prototype Pollution in minimist 0.0.8 Initial Release 0.2.1 NEGLIGIBLE
CVE-2021-44906 MEDIUM Prototype Pollution in minimist 0.0.8 Initial Release 0.2.1 NEGLIGIBLE
GHSA-xvch-5gv4-984h MEDIUM Prototype Pollution in minimist 0.0.8 Initial Release 0.2.1 NEGLIGIBLE
SNYK-JS-MINIMIST-559764 MEDIUM Prototype Pollution in minimist 0.0.8 Initial Release 0.2.1 NEGLIGIBLE
CVE-2020-7598 CRITICAL Prototype Pollution in minimist 0.0.8 Initial Release 1.2.6 NEGLIGIBLE
CVE-2021-44906 CRITICAL Prototype Pollution in minimist 0.0.8 Initial Release 1.2.6 NEGLIGIBLE
GHSA-vh95-rmgr-6w4m CRITICAL Prototype Pollution in minimist 0.0.8 Initial Release 1.2.6 NEGLIGIBLE
SNYK-JS-MINIMIST-559764 CRITICAL Prototype Pollution in minimist 0.0.8 Initial Release 1.2.6 NEGLIGIBLE

ID: 01JE5DHAKP220SB784009Q1M0M Package: growl Version: 1.9.2 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-16042 CRITICAL Growl before 1.10.0 vulnerable to Command Injection 1.9.2 Initial Release 1.10.0 NEGLIGIBLE

ID: 01JE5DHAKP220SB78408VBB5RP Package: json-schema Version: 0.2.3 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2021-3918 CRITICAL json-schema is vulnerable to Prototype Pollution 0.2.3 Initial Release 0.4.0 NEGLIGIBLE

ID: 01JE5DHAKP220SB7841KBPMBNZ Package: underscore Version: 1.8.3 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2021-23358 CRITICAL Arbitrary Code Execution in underscore 1.8.3 1.3.2 1.12.1 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1081504 CRITICAL Arbitrary Code Execution in underscore 1.8.3 1.3.2 1.12.1 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505 CRITICAL Arbitrary Code Execution in underscore 1.8.3 1.3.2 1.12.1 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1081503 CRITICAL Arbitrary Code Execution in underscore 1.8.3 1.3.2 1.12.1 NEGLIGIBLE
SNYK-JS-UNDERSCORE-1080984 CRITICAL Arbitrary Code Execution in underscore 1.8.3 1.3.2 1.12.1 NEGLIGIBLE

ID: 01JE5DHAKP220SB7841J9DV515 Package: underscore Version: 1.6.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2021-23358 CRITICAL Arbitrary Code Execution in underscore 1.6.0 1.3.2 1.12.1 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1081504 CRITICAL Arbitrary Code Execution in underscore 1.6.0 1.3.2 1.12.1 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505 CRITICAL Arbitrary Code Execution in underscore 1.6.0 1.3.2 1.12.1 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1081503 CRITICAL Arbitrary Code Execution in underscore 1.6.0 1.3.2 1.12.1 NEGLIGIBLE
SNYK-JS-UNDERSCORE-1080984 CRITICAL Arbitrary Code Execution in underscore 1.6.0 1.3.2 1.12.1 NEGLIGIBLE

ID: 01JE5DHAKP220SB7840W08KG2F Package: node-forge Version: 0.6.46 Vulnerabilities: 5 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2020-7720 HIGH Prototype Pollution in node-forge 0.6.46 Initial Release 0.10.0 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-609293 HIGH Prototype Pollution in node-forge 0.6.46 Initial Release 0.10.0 NEGLIGIBLE
SNYK-JS-NODEFORGE-598677 HIGH Prototype Pollution in node-forge 0.6.46 Initial Release 0.10.0 NEGLIGIBLE
CVE-2022-0122 MEDIUM Open Redirect in node-forge 0.6.46 Initial Release 1.0.0 NEGLIGIBLE
CVE-2022-24773 MEDIUM Improper Verification of Cryptographic Signature in node-forge 0.6.46 Initial Release 1.3.0 NEGLIGIBLE
CVE-2022-24771 HIGH Improper Verification of Cryptographic Signature in node-forge 0.6.46 Initial Release 1.3.0 NEGLIGIBLE
CVE-2022-24772 HIGH Improper Verification of Cryptographic Signature in node-forge 0.6.46 Initial Release 1.3.0 NEGLIGIBLE

ID: 01JE5DHAKP220SB7840HF3TG5F Package: marked Version: 0.3.6 Vulnerabilities: 4 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-1000427 MEDIUM Marked vulnerable to XSS from data URIs 0.3.6 Initial Release 0.3.7 NEGLIGIBLE
CVE-2017-16114 HIGH Regular Expression Denial of Service in marked 0.3.6 Initial Release 0.3.9 NEGLIGIBLE
CVE-2022-21681 HIGH Inefficient Regular Expression Complexity in marked 0.3.6 Initial Release 4.0.10 NEGLIGIBLE
CVE-2022-21680 HIGH Inefficient Regular Expression Complexity in marked 0.3.6 Initial Release 4.0.10 NEGLIGIBLE

ID: 01JE5DHAKP220SB7840742P6A4 Package: hoek Version: 2.16.3 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-3728 HIGH Prototype Pollution in hoek 2.16.3 Initial Release 4.2.1 NEGLIGIBLE
CVE-2020-36604 HIGH hoek subject to prototype pollution via the clone function. 2.16.3 Initial Release 9.0.3 NEGLIGIBLE

ID: 01JE5DHAKP220SB7840YXAYANE Package: qs Version: 6.2.1 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-1000048 HIGH Prototype Pollution Protection Bypass in qs 6.2.1 6.2.0 6.3.2 NEGLIGIBLE
CVE-2022-24999 HIGH qs vulnerable to Prototype Pollution 6.2.1 Initial Release 6.10.3 NEGLIGIBLE

ID: 01JE5DHAKP220SB78411J3KPHJ Package: qs Version: 6.3.0 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-1000048 HIGH Prototype Pollution Protection Bypass in qs 6.3.0 6.3.0 6.3.2 NEGLIGIBLE
CVE-2022-24999 HIGH qs vulnerable to Prototype Pollution 6.3.0 Initial Release 6.10.3 NEGLIGIBLE

ID: 01JE5DHAKP220SB78407ANWJMW Package: is-my-json-valid Version: 2.15.0 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-1107 MEDIUM Regular expression denial of service (ReDoS) in is-my-json-valid 2.15.0 Initial Release 2.17.2 NEGLIGIBLE
CVE-2016-2537 HIGH Regular Expression Denial of Service in is-my-json-valid 2.15.0 Initial Release 2.17.2 NEGLIGIBLE

ID: 01JE5DHAKP220SB78407WDEPXE Package: js-yaml Version: 3.6.1 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
N/A MEDIUM Denial of Service in js-yaml 3.6.1 Initial Release 3.13.0 N/A
N/A HIGH Code Injection in js-yaml 3.6.1 Initial Release 3.13.1 N/A

ID: 01JE5DHAKP220SB784166GZYCC Package: shelljs Version: 0.3.0 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2022-0144 HIGH Improper Privilege Management in shelljs 0.3.0 Initial Release 0.8.5 NEGLIGIBLE
N/A MEDIUM Improper Privilege Management in shelljs 0.3.0 Initial Release 0.8.5 N/A

ID: 01JE5DHAKP220SB7841G9BF2QX Package: tough-cookie Version: 2.3.2 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-15010 HIGH Regular Expression Denial of Service in tough-cookie 2.3.2 Initial Release 2.3.3 NEGLIGIBLE
CVE-2023-26136 MEDIUM tough-cookie Prototype Pollution vulnerability 2.3.2 Initial Release 4.1.3 NEGLIGIBLE

ID: 01JE5DHAKP220SB783ZR28WG43 Package: brace-expansion Version: 1.1.6 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-18077 HIGH ReDoS in brace-expansion 1.1.6 Initial Release 1.1.7 NEGLIGIBLE

ID: 01JE5DHAKP220SB783ZVK82Q99 Package: debug Version: 2.2.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-20165 HIGH debug Inefficient Regular Expression Complexity vulnerability 2.2.0 Initial Release 3.1.0 NEGLIGIBLE

ID: 01JE5DHAKP220SB783ZVKKP17C Package: diff Version: 1.4.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
N/A HIGH Regular Expression Denial of Service (ReDoS) 1.4.0 Initial Release 3.5.0 N/A

ID: 01JE5DHAKP220SB78403DYDPES Package: hawk Version: 3.1.3 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2022-29167 HIGH Uncontrolled Resource Consumption in Hawk 3.1.3 Initial Release 9.0.1 NEGLIGIBLE

ID: 01JE5DHAKP220SB7840CK4S940 Package: keypair Version: 1.0.0 Vulnerabilities: 1 Type: Direct

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2021-41117 HIGH Insecure random number generation in keypair 1.0.0 Initial Release 1.0.4 NEGLIGIBLE

ID: 01JE5DHAKP220SB7840M8AACQT Package: mime Version: 1.3.4 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-16138 HIGH mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input 1.3.4 Initial Release 2.0.3 NEGLIGIBLE

ID: 01JE5DHAKP220SB7840PET64TV Package: minimatch Version: 3.0.3 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2022-3517 HIGH minimatch ReDoS vulnerability 3.0.3 Initial Release 3.0.5 NEGLIGIBLE

ID: 01JE5DHAKP220SB784190DMSEY Package: sshpk Version: 1.10.1 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-3737 HIGH Regular Expression Denial of Service in sshpk 1.10.1 Initial Release 1.13.2 NEGLIGIBLE

ID: 01JE5DHAKP220SB7841G2RFAX3 Package: taffydb Version: 2.6.2 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2019-10790 HIGH TaffyDB can allow access to any data items in the DB 2.6.2 Initial Release N/A NEGLIGIBLE
SNYK-JS-TAFFY-546521 HIGH TaffyDB can allow access to any data items in the DB 2.6.2 Initial Release N/A NEGLIGIBLE

ID: 01JE5DHAKP220SB783ZP11F668 Package: base64url Version: 2.0.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
N/A MEDIUM Out-of-bounds Read in base64url 2.0.0 Initial Release 3.0.0 N/A

ID: 01JE5DHAKP220SB783ZQADXHXP Package: bl Version: 1.1.2 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2020-8244 MEDIUM Remote Memory Exposure in bl 1.1.2 Initial Release 1.2.3 NEGLIGIBLE

ID: 01JE5DHAKP220SB783ZYA4TBV6 Package: extend Version: 3.0.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-16492 MEDIUM Prototype Pollution in extend 3.0.0 Initial Release 3.0.2 NEGLIGIBLE

ID: 01JE5DHAKP220SB7840B2JEFZ0 Package: jsonpointer Version: 4.0.1 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2021-23807 MEDIUM Prototype Pollution in node-jsonpointer 4.0.1 Initial Release 5.0.0 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1910273 MEDIUM Prototype Pollution in node-jsonpointer 4.0.1 Initial Release 5.0.0 NEGLIGIBLE
SNYK-JS-JSONPOINTER-1577288 MEDIUM Prototype Pollution in node-jsonpointer 4.0.1 Initial Release 5.0.0 NEGLIGIBLE

ID: 01JE5DHAKP220SB7840TRPARZ0 Package: ms Version: 0.7.1 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-20162 MEDIUM Vercel ms Inefficient Regular Expression Complexity vulnerability 0.7.1 Initial Release 2.0.0 NEGLIGIBLE

ID: 01JE5DHAKP220SB78413Z30ESW Package: request Version: 2.79.0 Vulnerabilities: 1 Type: Direct

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2023-28155 MEDIUM Server-Side Request Forgery in Request 2.79.0 Initial Release 3.0.0 NEGLIGIBLE

ID: 01JE5DHAKP220SB78412FCNPDY Package: request Version: 2.75.0 Vulnerabilities: 1 Type: Direct

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2023-28155 MEDIUM Server-Side Request Forgery in Request 2.75.0 Initial Release 3.0.0 NEGLIGIBLE

ID: 01JE5DHAKP220SB7841C4287EN Package: stringstream Version: 0.0.5 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-21270 MEDIUM Out-of-bounds Read in stringstream 0.0.5 Initial Release 0.0.6 NEGLIGIBLE

ID: 01JE5DHAKP220SB7841J7KVF2Y Package: tunnel-agent Version: 0.4.3 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
N/A MEDIUM Memory Exposure in tunnel-agent 0.4.3 Initial Release 0.6.0 N/A

Reply with /nullify to interact with me like another developer

@mantel-group-nullify mantel-group-nullify bot pinned this issue Dec 3, 2024