- โ Working at TrueNAS Apps/Charts Catalog
- โ Maintaining TrueCharts.
- I'm in for the tech, not for taking project decisions.
- ๐ฑ Iโm currently learning GoLang
If you like my work, you can buy me a coffee โ or a beer ๐บ.
If you like my work, you can buy me a coffee โ or a beer ๐บ.
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/trim/package.json
Found in HEAD commit: fce7084a09264a267ce5ab68d95ee814e6662a5b
CVE | Severity | Dependency | Type | Fixed in | Remediation Available | |
---|---|---|---|---|---|---|
CVE-2020-7753 | 7.5 | trim-0.0.1.tgz | Transitive | N/A | โ | |
CVE-2022-33987 | 5.3 | got-9.6.0.tgz | Transitive | N/A | โ |
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/trim/package.json
Dependency Hierarchy:
Found in HEAD commit: fce7084a09264a267ce5ab68d95ee814e6662a5b
Found in base branch: master
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-10-27
Fix Resolution: trim - 0.0.3
Step up your Open Source Security Game with Mend here
Simplified HTTP requests
Library home page: https://registry.npmjs.org/got/-/got-9.6.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/got/package.json
Dependency Hierarchy:
Found in HEAD commit: fce7084a09264a267ce5ab68d95ee814e6662a5b
Found in base branch: master
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
Publish Date: 2022-06-18
URL: CVE-2022-33987
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987
Release Date: 2022-06-18
Fix Resolution: got - 11.8.5,12.1.0
Step up your Open Source Security Game with Mend here
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/terser/package.json
Found in HEAD commit: 2c706c0dbf4d435f893d00089a7ef3305fe05b09
CVE | Severity | Dependency | Type | Fixed in | Remediation Available | |
---|---|---|---|---|---|---|
CVE-2020-7753 | 7.5 | trim-0.0.1.tgz | Transitive | N/A | โ | |
CVE-2022-33987 | 5.3 | got-9.6.0.tgz | Transitive | N/A | โ | |
CVE-2022-25858 | 5.3 | terser-5.14.0.tgz | Transitive | N/A | โ |
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/trim/package.json
Dependency Hierarchy:
Found in HEAD commit: 2c706c0dbf4d435f893d00089a7ef3305fe05b09
Found in base branch: master
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-10-27
Fix Resolution: trim - 0.0.3
Step up your Open Source Security Game with Mend here
Simplified HTTP requests
Library home page: https://registry.npmjs.org/got/-/got-9.6.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/got/package.json
Dependency Hierarchy:
Found in HEAD commit: 2c706c0dbf4d435f893d00089a7ef3305fe05b09
Found in base branch: master
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
Publish Date: 2022-06-18
URL: CVE-2022-33987
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987
Release Date: 2022-06-18
Fix Resolution: got - 11.8.5,12.1.0
Step up your Open Source Security Game with Mend here
JavaScript parser, mangler/compressor and beautifier toolkit for ES6+
Library home page: https://registry.npmjs.org/terser/-/terser-5.14.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/terser/package.json
Dependency Hierarchy:
Found in HEAD commit: 2c706c0dbf4d435f893d00089a7ef3305fe05b09
Found in base branch: master
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Publish Date: 2022-07-15
URL: CVE-2022-25858
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25858
Release Date: 2022-07-15
Fix Resolution: terser - 4.8.1,5.14.2
Step up your Open Source Security Game with Mend here
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
Warning
Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package c2corg/browserslist-update-action)
.
Files affected: .github/workflows/update-browserlist.yml
This repository currently has no open or pending branches.
.github/workflows/codeql-analysis.yml
actions/checkout v4@b4ffde65f46336ab88eb53be808477a3936bae11
github/codeql-action v3@47b3d888fe66b639e431abf22ebca059152f1eea
github/codeql-action v3@47b3d888fe66b639e431abf22ebca059152f1eea
.github/workflows/test-build.yml
actions/checkout v4@b4ffde65f46336ab88eb53be808477a3936bae11
actions/setup-node v4@60edb5dd545a775178f52524783378180af0d1f8
.github/workflows/update-browserlist.yml
actions/checkout v4@b4ffde65f46336ab88eb53be808477a3936bae11
c2corg/browserslist-update-action v2@0e432e6c50c3c06fcb785a3ba475d462dd93272e
package.json
@astrojs/check 0.5.5
@astrojs/starlight 0.20.0
astro 4.4.4
sharp 0.33.2
starlight-links-validator ^0.5.2
typescript 5.3.3
.nvmrc
node 20.11.1
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/terser/package.json
Found in HEAD commit: b9edbd4700b4b50936d471b4605ce680eeddf9d0
CVE | Severity | Dependency | Type | Fixed in | Remediation Available | |
---|---|---|---|---|---|---|
CVE-2022-25858 | 7.5 | terser-5.14.0.tgz | Transitive | N/A | โ | |
CVE-2020-7753 | 7.5 | trim-0.0.1.tgz | Transitive | N/A | โ | |
CVE-2022-33987 | 5.3 | got-9.6.0.tgz | Transitive | N/A | โ |
JavaScript parser, mangler/compressor and beautifier toolkit for ES6+
Library home page: https://registry.npmjs.org/terser/-/terser-5.14.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/terser/package.json
Dependency Hierarchy:
Found in HEAD commit: b9edbd4700b4b50936d471b4605ce680eeddf9d0
Found in base branch: master
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Publish Date: 2022-07-15
URL: CVE-2022-25858
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25858
Release Date: 2022-07-15
Fix Resolution: terser - 4.8.1,5.14.2
Step up your Open Source Security Game with Mend here
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/trim/package.json
Dependency Hierarchy:
Found in HEAD commit: b9edbd4700b4b50936d471b4605ce680eeddf9d0
Found in base branch: master
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-10-27
Fix Resolution: trim - 0.0.3
Step up your Open Source Security Game with Mend here
Simplified HTTP requests
Library home page: https://registry.npmjs.org/got/-/got-9.6.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/got/package.json
Dependency Hierarchy:
Found in HEAD commit: b9edbd4700b4b50936d471b4605ce680eeddf9d0
Found in base branch: master
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
Publish Date: 2022-06-18
URL: CVE-2022-33987
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987
Release Date: 2022-06-18
Fix Resolution: got - 11.8.5,12.1.0
Step up your Open Source Security Game with Mend here
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/trim/package.json
Found in HEAD commit: d36578232c7106c270c86fa16deba839fb1e23aa
CVE | Severity | Dependency | Type | Fixed in | Remediation Available | |
---|---|---|---|---|---|---|
CVE-2020-7753 | 7.5 | trim-0.0.1.tgz | Transitive | N/A | โ | |
CVE-2022-33987 | 5.3 | got-9.6.0.tgz | Transitive | N/A | โ |
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/trim/package.json
Dependency Hierarchy:
Found in HEAD commit: d36578232c7106c270c86fa16deba839fb1e23aa
Found in base branch: master
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-10-27
Fix Resolution: trim - 0.0.3
Step up your Open Source Security Game with Mend here
Simplified HTTP requests
Library home page: https://registry.npmjs.org/got/-/got-9.6.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/got/package.json
Dependency Hierarchy:
Found in HEAD commit: d36578232c7106c270c86fa16deba839fb1e23aa
Found in base branch: master
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
Publish Date: 2022-06-18
URL: CVE-2022-33987
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987
Release Date: 2022-06-18
Fix Resolution: got - 11.8.5,12.1.0
Step up your Open Source Security Game with Mend here
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/trim/package.json
Found in HEAD commit: 844841c6461639797c0fd77cfbdb2da90d01d28a
CVE | Severity | Dependency | Type | Fixed in | Remediation Available | |
---|---|---|---|---|---|---|
CVE-2020-7753 | 7.5 | trim-0.0.1.tgz | Transitive | N/A | โ | |
CVE-2022-33987 | 5.3 | got-9.6.0.tgz | Transitive | N/A | โ |
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/trim/package.json
Dependency Hierarchy:
Found in HEAD commit: 844841c6461639797c0fd77cfbdb2da90d01d28a
Found in base branch: master
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-10-27
Fix Resolution: trim - 0.0.3
Step up your Open Source Security Game with Mend here
Simplified HTTP requests
Library home page: https://registry.npmjs.org/got/-/got-9.6.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/got/package.json
Dependency Hierarchy:
Found in HEAD commit: 844841c6461639797c0fd77cfbdb2da90d01d28a
Found in base branch: master
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
Publish Date: 2022-06-18
URL: CVE-2022-33987
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987
Release Date: 2022-06-18
Fix Resolution: got - 11.8.5,12.1.0
Step up your Open Source Security Game with Mend here
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/terser/package.json
Found in HEAD commit: 372a6fd9b1e29dfc436eede6907692935ee2ac60
CVE | Severity | Dependency | Type | Fixed in | Remediation Available | |
---|---|---|---|---|---|---|
CVE-2022-25858 | 7.5 | terser-5.14.0.tgz | Transitive | N/A | โ | |
CVE-2020-7753 | 7.5 | trim-0.0.1.tgz | Transitive | N/A | โ | |
CVE-2022-33987 | 5.3 | got-9.6.0.tgz | Transitive | N/A | โ |
JavaScript parser, mangler/compressor and beautifier toolkit for ES6+
Library home page: https://registry.npmjs.org/terser/-/terser-5.14.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/terser/package.json
Dependency Hierarchy:
Found in HEAD commit: 372a6fd9b1e29dfc436eede6907692935ee2ac60
Found in base branch: master
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Publish Date: 2022-07-15
URL: CVE-2022-25858
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25858
Release Date: 2022-07-15
Fix Resolution: terser - 4.8.1,5.14.2
Step up your Open Source Security Game with Mend here
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/trim/package.json
Dependency Hierarchy:
Found in HEAD commit: 372a6fd9b1e29dfc436eede6907692935ee2ac60
Found in base branch: master
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-10-27
Fix Resolution: trim - 0.0.3
Step up your Open Source Security Game with Mend here
Simplified HTTP requests
Library home page: https://registry.npmjs.org/got/-/got-9.6.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/got/package.json
Dependency Hierarchy:
Found in HEAD commit: 372a6fd9b1e29dfc436eede6907692935ee2ac60
Found in base branch: master
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
Publish Date: 2022-06-18
URL: CVE-2022-33987
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987
Release Date: 2022-06-18
Fix Resolution: got - 11.8.5,12.1.0
Step up your Open Source Security Game with Mend here
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/loader-utils/package.json
Found in HEAD commit: 26747832187d17842cc24c9d0b8006d23e454605
CVE | Severity | Dependency | Type | Fixed in (core version) | Remediation Available | |
---|---|---|---|---|---|---|
CVE-2022-25858 | 7.5 | terser-5.14.0.tgz | Transitive | N/A* | โ | |
CVE-2022-3517 | 7.5 | minimatch-3.0.4.tgz | Transitive | N/A* | โ | |
CVE-2020-7753 | 7.5 | trim-0.0.1.tgz | Transitive | N/A* | โ | |
CVE-2022-37599 | 7.5 | loader-utils-2.0.2.tgz | Transitive | N/A* | โ | |
CVE-2022-33987 | 5.3 | got-9.6.0.tgz | Transitive | N/A* | โ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.
JavaScript parser, mangler/compressor and beautifier toolkit for ES6+
Library home page: https://registry.npmjs.org/terser/-/terser-5.14.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/terser/package.json
Dependency Hierarchy:
Found in HEAD commit: 26747832187d17842cc24c9d0b8006d23e454605
Found in base branch: master
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Publish Date: Jul 15, 2022 8:15:00 PM
URL: CVE-2022-25858
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25858
Release Date: Jul 15, 2022 8:15:00 PM
Fix Resolution: terser - 4.8.1,5.14.2
Step up your Open Source Security Game with Mend here
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/serve-handler/node_modules/minimatch/package.json,/node_modules/recursive-readdir/node_modules/minimatch/package.json
Dependency Hierarchy:
Found in HEAD commit: 26747832187d17842cc24c9d0b8006d23e454605
Found in base branch: master
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
Publish Date: Oct 17, 2022 8:15:00 PM
URL: CVE-2022-3517
Base Score Metrics:
Type: Upgrade version
Release Date: Oct 17, 2022 8:15:00 PM
Fix Resolution: minimatch - 3.0.5
Step up your Open Source Security Game with Mend here
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/trim/package.json
Dependency Hierarchy:
Found in HEAD commit: 26747832187d17842cc24c9d0b8006d23e454605
Found in base branch: master
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: Oct 27, 2020 9:15:00 AM
URL: CVE-2020-7753
Base Score Metrics:
Type: Upgrade version
Release Date: Oct 27, 2020 9:15:00 AM
Fix Resolution: trim - 0.0.3
Step up your Open Source Security Game with Mend here
utils for webpack loaders
Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/loader-utils/package.json
Dependency Hierarchy:
Found in HEAD commit: 26747832187d17842cc24c9d0b8006d23e454605
Found in base branch: master
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.
Publish Date: Oct 11, 2022 7:15:00 PM
URL: CVE-2022-37599
Base Score Metrics:
Step up your Open Source Security Game with Mend here
Simplified HTTP requests
Library home page: https://registry.npmjs.org/got/-/got-9.6.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/got/package.json
Dependency Hierarchy:
Found in HEAD commit: 26747832187d17842cc24c9d0b8006d23e454605
Found in base branch: master
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
Publish Date: Jun 18, 2022 9:15:00 PM
URL: CVE-2022-33987
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987
Release Date: Jun 18, 2022 9:15:00 PM
Fix Resolution: got - 11.8.5,12.1.0
Step up your Open Source Security Game with Mend here
Create pipeline to autodeploy
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/terser/package.json
Found in HEAD commit: 7d971a5b271d6a3605ff7b17ea3af4a30fc3a397
CVE | Severity | Dependency | Type | Fixed in | Remediation Available | |
---|---|---|---|---|---|---|
CVE-2022-25858 | 7.5 | terser-5.14.0.tgz | Transitive | N/A | โ | |
CVE-2021-35065 | 7.5 | glob-parent-5.1.2.tgz | Transitive | N/A | โ | |
CVE-2020-7753 | 7.5 | trim-0.0.1.tgz | Transitive | N/A | โ | |
CVE-2022-33987 | 5.3 | got-9.6.0.tgz | Transitive | N/A | โ |
JavaScript parser, mangler/compressor and beautifier toolkit for ES6+
Library home page: https://registry.npmjs.org/terser/-/terser-5.14.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/terser/package.json
Dependency Hierarchy:
Found in HEAD commit: 7d971a5b271d6a3605ff7b17ea3af4a30fc3a397
Found in base branch: master
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Publish Date: 2022-07-15
URL: CVE-2022-25858
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25858
Release Date: 2022-07-15
Fix Resolution: terser - 4.8.1,5.14.2
Step up your Open Source Security Game with Mend here
Extract the non-magic parent path from a glob string.
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/glob-parent/package.json
Dependency Hierarchy:
Found in HEAD commit: 7d971a5b271d6a3605ff7b17ea3af4a30fc3a397
Found in base branch: master
The package glob-parent before 6.0.1 are vulnerable to Regular Expression Denial of Service (ReDoS)
Publish Date: 2021-06-22
URL: CVE-2021-35065
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-cj88-88mr-972w
Release Date: 2021-06-22
Fix Resolution: glob-parent - 6.0.1
Step up your Open Source Security Game with Mend here
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/trim/package.json
Dependency Hierarchy:
Found in HEAD commit: 7d971a5b271d6a3605ff7b17ea3af4a30fc3a397
Found in base branch: master
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-10-27
Fix Resolution: trim - 0.0.3
Step up your Open Source Security Game with Mend here
Simplified HTTP requests
Library home page: https://registry.npmjs.org/got/-/got-9.6.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/got/package.json
Dependency Hierarchy:
Found in HEAD commit: 7d971a5b271d6a3605ff7b17ea3af4a30fc3a397
Found in base branch: master
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
Publish Date: 2022-06-18
URL: CVE-2022-33987
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987
Release Date: 2022-06-18
Fix Resolution: got - 11.8.5,12.1.0
Step up your Open Source Security Game with Mend here
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/terser/package.json
Found in HEAD commit: ca34563630e1351d24793fdf48a7ab6addc986e1
CVE | Severity | Dependency | Type | Fixed in | Remediation Available | |
---|---|---|---|---|---|---|
CVE-2022-25858 | 7.5 | terser-5.14.0.tgz | Transitive | N/A | โ | |
CVE-2020-7753 | 7.5 | trim-0.0.1.tgz | Transitive | N/A | โ | |
CVE-2022-33987 | 5.3 | got-9.6.0.tgz | Transitive | N/A | โ |
JavaScript parser, mangler/compressor and beautifier toolkit for ES6+
Library home page: https://registry.npmjs.org/terser/-/terser-5.14.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/terser/package.json
Dependency Hierarchy:
Found in HEAD commit: ca34563630e1351d24793fdf48a7ab6addc986e1
Found in base branch: master
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Publish Date: 2022-07-15
URL: CVE-2022-25858
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25858
Release Date: 2022-07-15
Fix Resolution: terser - 4.8.1,5.14.2
Step up your Open Source Security Game with Mend here
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/trim/package.json
Dependency Hierarchy:
Found in HEAD commit: ca34563630e1351d24793fdf48a7ab6addc986e1
Found in base branch: master
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-10-27
Fix Resolution: trim - 0.0.3
Step up your Open Source Security Game with Mend here
Simplified HTTP requests
Library home page: https://registry.npmjs.org/got/-/got-9.6.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/got/package.json
Dependency Hierarchy:
Found in HEAD commit: ca34563630e1351d24793fdf48a7ab6addc986e1
Found in base branch: master
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
Publish Date: 2022-06-18
URL: CVE-2022-33987
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987
Release Date: 2022-06-18
Fix Resolution: got - 11.8.5,12.1.0
Step up your Open Source Security Game with Mend here
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/loader-utils/package.json
Found in HEAD commit: 5ffb15765892a49d30901e37c6d64a495156623c
CVE | Severity | Dependency | Type | Fixed in (core version) | Remediation Available | |
---|---|---|---|---|---|---|
CVE-2022-25858 | 7.5 | terser-5.14.0.tgz | Transitive | N/A* | โ | |
CVE-2022-3517 | 7.5 | minimatch-3.0.4.tgz | Transitive | N/A* | โ | |
CVE-2020-7753 | 7.5 | trim-0.0.1.tgz | Transitive | N/A* | โ | |
CVE-2022-37599 | 7.5 | loader-utils-2.0.2.tgz | Transitive | N/A* | โ | |
CVE-2022-33987 | 5.3 | got-9.6.0.tgz | Transitive | N/A* | โ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.
JavaScript parser, mangler/compressor and beautifier toolkit for ES6+
Library home page: https://registry.npmjs.org/terser/-/terser-5.14.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/terser/package.json
Dependency Hierarchy:
Found in HEAD commit: 5ffb15765892a49d30901e37c6d64a495156623c
Found in base branch: master
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Publish Date: 2022-07-15
URL: CVE-2022-25858
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25858
Release Date: 2022-07-15
Fix Resolution: terser - 4.8.1,5.14.2
Step up your Open Source Security Game with Mend here
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/serve-handler/node_modules/minimatch/package.json,/node_modules/recursive-readdir/node_modules/minimatch/package.json
Dependency Hierarchy:
Found in HEAD commit: 5ffb15765892a49d30901e37c6d64a495156623c
Found in base branch: master
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
Publish Date: 2022-10-17
URL: CVE-2022-3517
Base Score Metrics:
Type: Upgrade version
Release Date: 2022-10-17
Fix Resolution: minimatch - 3.0.5
Step up your Open Source Security Game with Mend here
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/trim/package.json
Dependency Hierarchy:
Found in HEAD commit: 5ffb15765892a49d30901e37c6d64a495156623c
Found in base branch: master
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-10-27
Fix Resolution: trim - 0.0.3
Step up your Open Source Security Game with Mend here
utils for webpack loaders
Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/loader-utils/package.json
Dependency Hierarchy:
Found in HEAD commit: 5ffb15765892a49d30901e37c6d64a495156623c
Found in base branch: master
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.
Publish Date: 2022-10-11
URL: CVE-2022-37599
Base Score Metrics:
Step up your Open Source Security Game with Mend here
Simplified HTTP requests
Library home page: https://registry.npmjs.org/got/-/got-9.6.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/got/package.json
Dependency Hierarchy:
Found in HEAD commit: 5ffb15765892a49d30901e37c6d64a495156623c
Found in base branch: master
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
Publish Date: 2022-06-18
URL: CVE-2022-33987
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987
Release Date: 2022-06-18
Fix Resolution: got - 11.8.5,12.1.0
Step up your Open Source Security Game with Mend here
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.