-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
jest-cli-15.1.1.tgz: 55 vulnerabilities (highest severity is: 9.8) - autoclosed #2
Comments
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory. |
ℹ️ This issue was automatically re-opened by WhiteSource because the vulnerable library in the specific branch(es) has been detected in the WhiteSource inventory. |
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory. |
ℹ️ This issue was automatically re-opened by WhiteSource because the vulnerable library in the specific branch(es) has been detected in the WhiteSource inventory. |
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory. |
ℹ️ This issue was automatically re-opened by WhiteSource because the vulnerable library in the specific branch(es) has been detected in the WhiteSource inventory. |
ℹ️ This issue was automatically closed by Mend because it is a duplicate of an existing issue: #7 |
Vulnerable Library - jest-cli-15.1.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/path-parse/package.json
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.
Details
CVE-2021-23369
Vulnerable Library - handlebars-4.0.5.tgz
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.0.5.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/handlebars/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
Publish Date: 2021-04-12
URL: CVE-2021-23369
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23369
Release Date: 2021-04-12
Fix Resolution (handlebars): 4.1.2-0
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2019-19919
Vulnerable Library - handlebars-4.0.5.tgz
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.0.5.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/handlebars/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's proto and defineGetter properties, which may allow an attacker to execute arbitrary code through crafted payloads.
Publish Date: 2019-12-20
URL: CVE-2019-19919
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1164
Release Date: 2019-12-20
Fix Resolution (handlebars): 4.3.0
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2020-7774
Vulnerable Library - y18n-3.2.1.tgz
the bare-bones internationalization library used by yargs
Library home page: https://registry.npmjs.org/y18n/-/y18n-3.2.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/y18n/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
Publish Date: 2020-11-17
URL: CVE-2020-7774
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1654
Release Date: 2020-11-17
Fix Resolution (y18n): 3.2.2
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2018-1000620
Vulnerable Library - cryptiles-2.0.5.tgz
General purpose crypto utilities
Library home page: https://registry.npmjs.org/cryptiles/-/cryptiles-2.0.5.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/cryptiles/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.
Publish Date: 2018-07-09
URL: CVE-2018-1000620
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000620
Release Date: 2018-07-09
Fix Resolution (cryptiles): 4.1.2
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2020-28499
Vulnerable Library - merge-1.2.0.tgz
Merge multiple objects into one, optionally creating a new cloned object. Similar to the jQuery.extend but more flexible. Works in Node.js and the browser.
Library home page: https://registry.npmjs.org/merge/-/merge-1.2.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/merge/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .
Publish Date: 2021-02-18
URL: CVE-2020-28499
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1666
Release Date: 2021-02-18
Fix Resolution (merge): 2.1.1
Direct dependency fix Resolution (jest-cli): 24.0.0
⛑️ Automatic Remediation is available for this issue
WS-2020-0344
Vulnerable Library - is-my-json-valid-2.14.0.tgz
A JSONSchema validator that uses code generation to be extremely fast
Library home page: https://registry.npmjs.org/is-my-json-valid/-/is-my-json-valid-2.14.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/is-my-json-valid/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
Arbitrary Code Execution vulnerability was found in is-my-json-valid before 2.20.3 via the fromatName function.
Publish Date: 2020-06-09
URL: WS-2020-0344
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2020-06-09
Fix Resolution (is-my-json-valid): 2.20.3
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2021-23383
Vulnerable Library - handlebars-4.0.5.tgz
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.0.5.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/handlebars/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.
Publish Date: 2021-05-04
URL: CVE-2021-23383
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23383
Release Date: 2021-05-04
Fix Resolution (handlebars): 4.1.2-0
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2018-16492
Vulnerable Library - extend-3.0.0.tgz
Port of jQuery.extend for node.js and the browser
Library home page: https://registry.npmjs.org/extend/-/extend-3.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/extend/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.
Publish Date: 2019-02-01
URL: CVE-2018-16492
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://hackerone.com/reports/381185
Release Date: 2019-02-01
Fix Resolution (extend): 3.0.2
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2018-3728
Vulnerable Library - hoek-2.16.3.tgz
General purpose node utilities
Library home page: https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/hoek/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.
Publish Date: 2018-03-30
URL: CVE-2018-3728
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-3728
Release Date: 2018-03-30
Fix Resolution (hoek): 4.2.0
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
WS-2019-0333
Vulnerable Library - handlebars-4.0.5.tgz
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.0.5.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/handlebars/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
In handlebars, versions prior to v4.5.3 are vulnerable to prototype pollution. Using a malicious template it's possbile to add or modify properties to the Object prototype. This can also lead to DOS and RCE in certain conditions.
Publish Date: 2019-11-18
URL: WS-2019-0333
CVSS 3 Score Details (8.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1325
Release Date: 2019-11-18
Fix Resolution (handlebars): 4.5.3
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2019-20920
Vulnerable Library - handlebars-4.0.5.tgz
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.0.5.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/handlebars/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).
Publish Date: 2020-09-30
URL: CVE-2019-20920
CVSS 3 Score Details (8.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1324
Release Date: 2020-10-15
Fix Resolution (handlebars): 4.5.3
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
WS-2019-0063
Vulnerable Library - js-yaml-3.6.1.tgz
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.6.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/js-yaml/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
Js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.
Publish Date: 2019-04-05
URL: WS-2019-0063
CVSS 3 Score Details (8.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/813
Release Date: 2019-04-05
Fix Resolution (js-yaml): 3.13.1
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
WS-2018-0084
Vulnerable Library - sshpk-1.10.0.tgz
A library for finding and using SSH public keys
Library home page: https://registry.npmjs.org/sshpk/-/sshpk-1.10.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/sshpk/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
Versions of sshpk before 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys.
Publish Date: 2018-04-25
URL: WS-2018-0084
CVSS 2 Score Details (8.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/606
Release Date: 2018-01-27
Fix Resolution (sshpk): 1.14.1
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2017-15010
Vulnerable Library - tough-cookie-2.3.1.tgz
RFC6265 Cookies and Cookie Jar for node.js
Library home page: https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/tough-cookie/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.
Publish Date: 2017-10-04
URL: CVE-2017-15010
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-15010
Release Date: 2017-10-04
Fix Resolution (tough-cookie): 2.3.3
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2016-10540
Vulnerable Library - minimatch-2.0.10.tgz
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-2.0.10.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/fileset/node_modules/minimatch/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript
RegExp
objects. The primary function,minimatch(path, pattern)
in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in thepattern
parameter.Publish Date: 2018-05-31
URL: CVE-2016-10540
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-10540
Release Date: 2018-05-31
Fix Resolution (minimatch): 3.0.2
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
WS-2019-0492
Vulnerable Library - handlebars-4.0.5.tgz
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.0.5.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/handlebars/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system.
Publish Date: 2019-11-19
URL: WS-2019-0492
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1324
Release Date: 2019-11-19
Fix Resolution (handlebars): 4.5.3
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2018-3737
Vulnerable Library - sshpk-1.10.0.tgz
A library for finding and using SSH public keys
Library home page: https://registry.npmjs.org/sshpk/-/sshpk-1.10.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/sshpk/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.
Publish Date: 2018-06-07
URL: CVE-2018-3737
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://hackerone.com/reports/319593
Release Date: 2018-06-07
Fix Resolution (sshpk): 1.13.2
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2018-16469
Vulnerable Library - merge-1.2.0.tgz
Merge multiple objects into one, optionally creating a new cloned object. Similar to the jQuery.extend but more flexible. Works in Node.js and the browser.
Library home page: https://registry.npmjs.org/merge/-/merge-1.2.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/merge/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack.
Publish Date: 2018-10-30
URL: CVE-2018-16469
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16469
Release Date: 2018-10-30
Fix Resolution (merge): 1.2.1
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
WS-2019-0493
Vulnerable Library - handlebars-4.0.5.tgz
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.0.5.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/handlebars/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
handlebars before 3.0.8 and 4.x before 4.5.2 is vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system.
Publish Date: 2019-11-14
URL: WS-2019-0493
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1316
Release Date: 2019-11-14
Fix Resolution (handlebars): 4.5.2
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2017-18077
Vulnerable Library - brace-expansion-1.1.6.tgz
Brace expansion as known from sh/bash
Library home page: https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.6.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/brace-expansion/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.
Publish Date: 2018-01-27
URL: CVE-2017-18077
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-18077
Release Date: 2018-01-27
Fix Resolution (brace-expansion): 1.1.7
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
WS-2019-0318
Vulnerable Library - handlebars-4.0.5.tgz
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.0.5.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/handlebars/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
In "showdownjs/showdown", versions prior to v4.4.5 are vulnerable against Regular expression Denial of Service (ReDOS) once receiving specially-crafted templates.
Publish Date: 2019-10-20
URL: WS-2019-0318
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1300
Release Date: 2019-10-20
Fix Resolution (handlebars): 4.4.5
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2021-23343
Vulnerable Library - path-parse-1.0.5.tgz
Node.js path.parse() ponyfill
Library home page: https://registry.npmjs.org/path-parse/-/path-parse-1.0.5.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/path-parse/package.json
Dependency Hierarchy:
Found in HEAD commit: 234744c28d99893925015b6979daea3f954c0800
Vulnerability Details
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
Publish Date: 2021-05-04
URL: CVE-2021-23343
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2021-05-04
Fix Resolution (path-parse): 1.0.7
Direct dependency fix Resolution (jest-cli): 16.0.0
⛑️ Automatic Remediation is available for this issue
⛑️ Automatic Remediation is available for this issue.
The text was updated successfully, but these errors were encountered: