[Snyk] Upgrade: react, react-dom, jquery, react-router-dom, react-scripts

[felayo]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

react
from 16.8.6 to 16.14.0 | 11 versions ahead of your current version | 4 years ago
on 2020-10-14
react-dom
from 16.8.6 to 16.14.0 | 11 versions ahead of your current version | 4 years ago
on 2020-10-14
jquery
from 3.4.1 to 3.7.1 | 9 versions ahead of your current version | a year ago
on 2023-08-28
react-router-dom
from 5.0.0 to 5.3.4 | 11 versions ahead of your current version | 2 years ago
on 2022-10-02
react-scripts
from 3.0.1 to 3.4.4 | 15 versions ahead of your current version | 4 years ago
on 2020-10-20

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-SETVALUE-1540541	472	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	472	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	472	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	472	No Known Exploit
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	472	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6056521	472	No Known Exploit
	Prototype Pollution SNYK-JS-MIXINDEEP-450212	472	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-598677	472	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	472	Proof of Concept
	Arbitrary Code Execution SNYK-JS-ESLINTUTILS-460220	472	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-450202	472	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	472	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	472	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-6139239	472	Proof of Concept
	Prototype Pollution SNYK-JS-MERGEDEEP-1070277	472	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	472	No Known Exploit
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	472	Proof of Concept
	Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	472	No Known Exploit
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472	No Known Exploit
	Code Injection SNYK-JS-LODASH-1040724	472	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	472	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	472	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472	Proof of Concept
	Command Injection SNYK-JS-NODENOTIFIER-1035794	472	No Known Exploit
	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	472	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	472	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472	No Known Exploit
	Timing Attack SNYK-JS-ELLIPTIC-511941	472	No Known Exploit
	Information Exposure SNYK-JS-EVENTSOURCE-2823375	472	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	472	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	472	Mature
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472	Proof of Concept
	Cross-site Scripting SNYK-JS-SEND-7926862	472	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	472	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	472	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	472	Proof of Concept
	Information Exposure SNYK-JS-NODEFETCH-2342118	472	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472	Proof of Concept
	Prototype Pollution SNYK-JS-DOTPROP-543489	472	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472	Proof of Concept
	Validation Bypass SNYK-JS-KINDOF-537849	472	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	472	Proof of Concept
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	472	No Known Exploit
	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	472	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-2407770	472	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-1540541	472	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	472	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	472	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	472	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	472	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	472	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	472	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	472	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	472	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	472	Mature
	Prototype Pollution SNYK-JS-HANDLEBARS-534988	472	No Known Exploit
	Prototype Pollution SNYK-JS-SETVALUE-450213	472	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	472	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	472	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	472	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-469063	472	No Known Exploit
	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	472	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-567742	472	Proof of Concept
	Denial of Service SNYK-JS-NODEFETCH-674311	472	No Known Exploit
	Prototype Pollution SNYK-JS-HAPIHOEK-548452	472	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	472	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	472	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	472	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	472	No Known Exploit
	Improper Input Validation SNYK-JS-URLPARSE-1078283	472	No Known Exploit
	Open Redirect SNYK-JS-URLPARSE-1533425	472	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	472	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	472	Proof of Concept
	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	472	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	472	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472	Proof of Concept
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	472	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	472	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	472	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	472	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	472	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	472	Proof of Concept
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	472	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	472	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	472	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	472	Proof of Concept

Release notes

Package name: react

• 16.14.0 - 2020-10-14
  

  React

  • Add support for the new JSX transform. (@ lunaruan in #18299)
• 16.13.1 - 2020-03-19
  

  React DOM

  • Fix bug in legacy mode Suspense where effect clean-up functions are not fired. This only affects users who use Suspense for data fetching in legacy mode, which is not technically supported. (@ acdlite in #18238)
  • Revert warning for cross-component updates that happen inside class render lifecycles (componentWillReceiveProps, shouldComponentUpdate, and so on). (@ gaearon in #18330)

  Artifacts

  • react: https://unpkg.com/react@16.13.1/umd/
  • react-art: https://unpkg.com/react-art@16.13.1/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.1/umd/
  • react-is: https://unpkg.com/react-is@16.13.1/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.1/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.1/umd/
• 16.13.0 - 2020-02-26
  

  React

  • Warn when a string ref is used in a manner that's not amenable to a future codemod (@ lunaruan in #17864)
  • Deprecate React.createFactory() (@ trueadm in #17878)

  React DOM

  • Warn when changes in style may cause an unexpected collision (@ sophiebits in #14181, #18002)
  • Warn when a function component is updated during another component's render phase (@ acdlite in #17099)
  • Deprecate unstable_createPortal (@ trueadm in #17880)
  • Fix onMouseEnter being fired on disabled buttons (@ AlfredoGJ in #17675)
  • Call shouldComponentUpdate twice when developing in StrictMode (@ bvaughn in #17942)
  • Add version property to ReactDOM (@ ealush in #15780)
  • Don't call toString() of dangerouslySetInnerHTML (@ sebmarkbage in #17773)
  • Show component stacks in more warnings (@ gaearon in #17922, #17586)

  Concurrent Mode (Experimental)

  • Warn for problematic usages of ReactDOM.createRoot() (@ trueadm in #17937)
  • Remove ReactDOM.createRoot() callback params and added warnings on usage (@ bvaughn in #17916)
  • Don't group Idle/Offscreen work with other work (@ sebmarkbage in #17456)
  • Adjust SuspenseList CPU bound heuristic (@ sebmarkbage in #17455)
  • Add missing event plugin priorities (@ trueadm in #17914)
  • Fix isPending only being true when transitioning from inside an input event (@ acdlite in #17382)
  • Fix React.memo components dropping updates when interrupted by a higher priority update (@ acdlite in #18091)
  • Don't warn when suspending at the wrong priority (@ gaearon in #17971)
  • Fix a bug with rebasing updates (@ acdlite and @ sebmarkbage in #17560, #17510, #17483, #17480)

  Artifacts

  • react: https://unpkg.com/react@16.13.0/umd/
  • react-art: https://unpkg.com/react-art@16.13.0/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.0/umd/
  • react-is: https://unpkg.com/react-is@16.13.0/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.0/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.0/umd/
• 16.12.0 - 2019-11-14
  

  React DOM

  • Fix passive effects (useEffect) not being fired in a multi-root app. (@ acdlite in #17347)

  React Is

  • Fix lazy and memo types considered elements instead of components (@ bvaughn in #17278)

  Artifacts

  • react: https://unpkg.com/react@16.12.0/umd/
  • react-art: https://unpkg.com/react-art@16.12.0/umd/
  • react-dom: https://unpkg.com/react-dom@16.12.0/umd/
  • react-is: https://unpkg.com/react-is@16.12.0/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.12.0/umd/
  • scheduler: https://unpkg.com/scheduler@0.18.0/umd/

• 16.11.0 - 2019-10-22
• 16.10.2 - 2019-10-03
• 16.10.1 - 2019-09-28
• 16.10.0 - 2019-09-27
• 16.9.0 - 2019-08-08
• 16.9.0-rc.0 - 2019-08-05
• 16.9.0-alpha.0 - 2019-04-03
• 16.8.6 - 2019-03-28

from react GitHub release notes

Package name: react-dom

• 16.14.0 - 2020-10-14
  

  React

  • Add support for the new JSX transform. (@ lunaruan in #18299)
• 16.13.1 - 2020-03-19
  

  React DOM

  • Fix bug in legacy mode Suspense where effect clean-up functions are not fired. This only affects users who use Suspense for data fetching in legacy mode, which is not technically supported. (@ acdlite in #18238)
  • Revert warning for cross-component updates that happen inside class render lifecycles (componentWillReceiveProps, shouldComponentUpdate, and so on). (@ gaearon in #18330)

  Artifacts

  • react: https://unpkg.com/react@16.13.1/umd/
  • react-art: https://unpkg.com/react-art@16.13.1/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.1/umd/
  • react-is: https://unpkg.com/react-is@16.13.1/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.1/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.1/umd/
• 16.13.0 - 2020-02-26
  

  React

  • Warn when a string ref is used in a manner that's not amenable to a future codemod (@ lunaruan in #17864)
  • Deprecate React.createFactory() (@ trueadm in #17878)

  React DOM

  • Warn when changes in style may cause an unexpected collision (@ sophiebits in #14181, #18002)
  • Warn when a function component is updated during another component's render phase (@ acdlite in #17099)
  • Deprecate unstable_createPortal (@ trueadm in #17880)
  • Fix onMouseEnter being fired on disabled buttons (@ AlfredoGJ in #17675)
  • Call shouldComponentUpdate twice when developing in StrictMode (@ bvaughn in #17942)
  • Add version property to ReactDOM (@ ealush in #15780)
  • Don't call toString() of dangerouslySetInnerHTML (@ sebmarkbage in #17773)
  • Show component stacks in more warnings (@ gaearon in #17922, #17586)

  Concurrent Mode (Experimental)

  • Warn for problematic usages of ReactDOM.createRoot() (@ trueadm in #17937)
  • Remove ReactDOM.createRoot() callback params and added warnings on usage (@ bvaughn in #17916)
  • Don't group Idle/Offscreen work with other work (@ sebmarkbage in #17456)
  • Adjust SuspenseList CPU bound heuristic (@ sebmarkbage in #17455)
  • Add missing event plugin priorities (@ trueadm in #17914)
  • Fix isPending only being true when transitioning from inside an input event (@ acdlite in #17382)
  • Fix React.memo components dropping updates when interrupted by a higher priority update (@ acdlite in #18091)
  • Don't warn when suspending at the wrong priority (@ gaearon in #17971)
  • Fix a bug with rebasing updates (@ acdlite and @ sebmarkbage in #17560, #17510, #17483, #17480)

  Artifacts

  • react: https://unpkg.com/react@16.13.0/umd/
  • react-art: https://unpkg.com/react-art@16.13.0/umd/
  • react-dom: https://unpkg.com/react-dom@16.13.0/umd/
  • react-is: https://unpkg.com/react-is@16.13.0/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.13.0/umd/
  • scheduler: https://unpkg.com/scheduler@0.19.0/umd/
• 16.12.0 - 2019-11-14
  

  React DOM

  • Fix passive effects (useEffect) not being fired in a multi-root app. (@ acdlite in #17347)

  React Is

  • Fix lazy and memo types considered elements instead of components (@ bvaughn in #17278)

  Artifacts

  • react: https://unpkg.com/react@16.12.0/umd/
  • react-art: https://unpkg.com/react-art@16.12.0/umd/
  • react-dom: https://unpkg.com/react-dom@16.12.0/umd/
  • react-is: https://unpkg.com/react-is@16.12.0/umd/
  • react-test-renderer: https://unpkg.com/react-test-renderer@16.12.0/umd/
  • scheduler: https://unpkg.com/scheduler@0.18.0/umd/

• 16.11.0 - 2019-10-22
• 16.10.2 - 2019-10-03
• 16.10.1 - 2019-09-28
• 16.10.0 - 2019-09-27
• 16.9.0 - 2019-08-08
• 16.9.0-rc.0 - 2019-08-05
• 16.9.0-alpha.0 - 2019-04-03
• 16.8.6 - 2019-03-28

from react-dom GitHub release notes

Package name: jquery

• 3.7.1 - 2023-08-28
  

  https://blog.jquery.com/2023/08/28/jquery-3-7-1-released-reliable-table-row-dimensions/

• 3.7.0 - 2023-05-11
  

  https://blog.jquery.com/2023/05/11/jquery-3-7-0-released-staying-in-order/

• 3.6.4 - 2023-03-08
  

  https://blog.jquery.com/2023/03/08/jquery-3-6-4-released-selector-forgiveness/

• 3.6.3 - 2022-12-20
  

  https://blog.jquery.com/2022/12/20/jquery-3-6-3-released-a-quick-selector-fix/

• 3.6.2 - 2022-12-13
  

  https://blog.jquery.com/2022/12/13/jquery-3-6-2-released/

• 3.6.1 - 2022-08-26
  

  https://blog.jquery.com/2022/08/26/jquery-3-6-1-maintenance-release/

• 3.6.0 - 2021-03-02
  

  https://blog.jquery.com/2021/03/02/jquery-3-6-0-released/

• 3.5.1 - 2020-05-04
  

  3.5.1

• 3.5.0 - 2020-04-10
• 3.4.1 - 2019-05-01

from jquery GitHub release notes

Package name: react-router-dom

• 5.3.4 - 2022-10-02
• 5.3.3 - 2022-05-18
• 5.3.2 - 2022-05-17
• 5.3.1 - 2022-04-17
• 5.3.0 - 2021-09-03
• 5.2.1 - 2021-08-27
• 5.2.0 - 2020-05-11
• 5.1.2 - 2019-09-30
• 5.1.1 - 2019-09-27
• 5.1.0 - 2019-09-24
• 5.0.1 - 2019-06-04
• 5.0.0 - 2019-03-18

from react-router-dom GitHub release notes

Package name: react-scripts

• 3.4.4 - 2020-10-20
• 3.4.3 - 2020-08-12
• 3.4.2 - 2020-08-11
• 3.4.1 - 2020-03-21
• 3.4.0 - 2020-02-14
• 3.3.1 - 2020-01-31
• 3.3.0 - 2019-12-05
• 3.3.0-next.80 - 2019-12-04
• 3.3.0-next.62 - 2019-11-14
• 3.3.0-next.39 - 2019-10-24
• 3.3.0-next.38 - 2019-10-24
• 3.2.0 - 2019-10-03
• 3.1.2 - 2019-09-19
• 3.1.1 - 2019-08-13
• 3.1.0 - 2019-08-09
• 3.0.1 - 2019-05-08

from react-scripts GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"react","from":"16.8.6","to":"16.14.0"},{"name":"react-dom","from":"16.8.6","to":"16.14.0"},{"name":"jquery","from":"3.4.1","to":"3.7.1"},{"name":"react-router-dom","from":"5.0.0","to":"5.3.4"},{"name":"react-scripts","from":"3.0.1","to":"3.4.4"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SETVALUE-1540541","issue_id":"SNYK-JS-SETVALUE-1540541","priority_score":472,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-INI-1048974","issue_id":"SNYK-JS-INI-1048974","priority_score":472,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-IP-6240864","issue_id":"SNYK-JS-IP-6240864","priority_score":537,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SERIALIZEJAVASCRIPT-536840","issue_id":"SNYK-JS-SERIALIZEJAVASCRIPT-536840","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SERIALIZEJAVASCRIPT-570062","issue_id":"SNYK-JS-SERIALIZEJAVASCRIPT-570062","priority_score":492,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.7","score":385},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary Code Injection"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SERIALIZEJAVASCRIPT-6056521","issue_id":"SNYK-JS-SERIALIZEJAVASCRIPT-6056521","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-MIXINDEEP-450212","issue_id":"SNYK-JS-MIXINDEEP-450212","priority_score":472,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-NODEFORGE-598677","issue_id":"SNYK-JS-NODEFORGE-598677","priority_score":472,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ELLIPTIC-571484","issue_id":"SNYK-JS-ELLIPTIC-571484","priority_score":492,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.7","score":385},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Cryptographic Issues"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-ESLINTUTILS-460220","issue_id":"SNYK-JS-ESLINTUTILS-460220","priority_score":365,"priority_score_factors":[{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary Code Execution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-450202","issue_id":"SNYK-JS-LODASH-450202","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-567746","issue_id":"SNYK-JS-LODASH-567746","priority_score":731,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-608086","issue_id":"SNYK-JS-LODASH-608086","priority_score":472,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-6139239","issue_id":"SNYK-JS-LODASH-6139239","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-MERGEDEEP-1070277","issue_id":"SNYK-JS-MERGEDEEP-1070277","priority_score":376,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-ACORN-559469","issue_id":"SNYK-JS-ACORN-559469","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-ACORN-559469","issue_id":"SNYK-JS-ACORN-559469","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BROWSERIFYSIGN-6037026","issue_id":"SNYK-JS-BROWSERIFYSIGN-6037026","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-DECODEURICOMPONENT-3149970","issue_id":"SNYK-JS-DECODEURICOMPONENT-3149970","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-DNSPACKET-1293563","issue_id":"SNYK-JS-DNSPACKET-1293563","priority_score":385,"priority_score_factors":[{"type":"cvssScore","label":"7.7","score":385},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Remote Memory Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-JSONSCHEMA-1920922","issue_id":"SNYK-JS-JSONSCHEMA-1920922","priority_score":430,"priority_score_factors":[{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-1040724","issue_id":"SNYK-JS-LODASH-1040724","priority_score":467,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-AJV-584908","issue_id":"SNYK-JS-AJV-584908","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ISSVG-1085627","issue_id":"SNYK-JS-ISSVG-1085627","priority_score":372,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265},{"...