Update dependency rails to v7.2.1
Security Report
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2024-42461Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> crypto-browserify-3.12.0.tgz (Root Library) -> create-ecdh-4.0.4.tgz -> ❌ elliptic-6.5.4.tgz (Vulnerable Library) |
 Critical |
9.1 | elliptic-6.5.4.tgz | #8109 | |
CVE-2024-29415Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> doc-site-0.0.0.tgz (Root Library) -> plugin-ideal-image-3.5.2.tgz -> sharp-0.32.6.tgz -> node-gyp-8.2.0.tgz -> make-fetch-happen-8.0.14.tgz -> socks-proxy-agent-5.0.1.tgz -> socks-2.6.1.tgz -> ❌ ip-1.1.9.tgz (Vulnerable Library) |
Critical |
9.1 | ip-1.1.9.tgz | #6560 | |
CVE-2024-4067Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> doc-site-0.0.0.tgz (Root Library) -> graphql-file-loader-8.0.1.tgz -> globby-11.1.0.tgz -> fast-glob-3.3.2.tgz -> ❌ micromatch-4.0.7.tgz (Vulnerable Library) |
 High |
7.5 | micromatch-4.0.7.tgz | #6560 | |
CVE-2024-37890Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> webpack-bundle-analyzer-4.10.2.tgz (Root Library) -> ❌ ws-7.5.4.tgz (Vulnerable Library) |
High |
7.5 | ws-7.5.4.tgz | Upgrade to version: ws - 5.2.4,6.2.3,7.5.10,8.17.1 | #9079 |
CVE-2024-37890Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> doc-site-0.0.0.tgz (Root Library) -> graphql-config-5.1.2.tgz -> url-loader-8.0.0.tgz -> executor-graphql-ws-1.0.0.tgz -> ❌ ws-8.13.0.tgz (Vulnerable Library) |
High |
7.5 | ws-8.13.0.tgz | Upgrade to version: ws - 5.2.4,6.2.3,7.5.10,8.17.1 | #6560 |
CVE-2024-37890Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> doc-site-0.0.0.tgz (Root Library) -> graphql-config-5.1.2.tgz -> url-loader-8.0.0.tgz -> ❌ ws-8.16.0.tgz (Vulnerable Library) |
High |
7.5 | ws-8.16.0.tgz | Upgrade to version: ws - 5.2.4,6.2.3,7.5.10,8.17.1 | #6560 |
CVE-2022-37603Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> doc-site-0.0.0.tgz (Root Library) -> core-3.5.2.tgz -> react-dev-utils-12.0.1.tgz -> ❌ loader-utils-3.2.0.tgz (Vulnerable Library) |
High |
7.5 | loader-utils-3.2.0.tgz | Upgrade to version: loader-utils - 1.4.2,2.0.4,3.2.1 | #6560 |
CVE-2022-3517Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> doc-site-0.0.0.tgz (Root Library) -> core-3.5.2.tgz -> react-dev-utils-12.0.1.tgz -> recursive-readdir-2.2.2.tgz -> ❌ minimatch-3.0.4.tgz (Vulnerable Library) |
High |
7.5 | minimatch-3.0.4.tgz | Upgrade to version: minimatch - 3.0.5 | #6560 |
CVE-2024-42460Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> crypto-browserify-3.12.0.tgz (Root Library) -> create-ecdh-4.0.4.tgz -> ❌ elliptic-6.5.4.tgz (Vulnerable Library) |
 Medium |
5.3 | elliptic-6.5.4.tgz | #8109 | |
CVE-2024-42459Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> crypto-browserify-3.12.0.tgz (Root Library) -> create-ecdh-4.0.4.tgz -> ❌ elliptic-6.5.4.tgz (Vulnerable Library) |
Medium |
5.3 | elliptic-6.5.4.tgz | #8109 |
Total libraries scanned: 1889
Scan token: 60188180dac84690a6946008a4f608e7