storm-ops's People

Contributors

allcontributors[bot], dependabot[bot], mend-bolt-for-github[bot], renovate[bot], stormie-bot, sullivanpj

storm-ops's Issues

@storm-software/linting-tools-1.39.4.tgz: 1 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - @storm-software/linting-tools-1.39.4.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Found in HEAD commit: 675561baa9e00629e2e8cb16423b57bdc05da436

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (@storm-software/linting-tools version) Remediation Possible**
CVE-2023-42282 Critical 9.8 detected in multiple dependencies Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-42282

Vulnerable Libraries - ip-2.0.0.tgz, ip-1.1.8.tgz

ip-2.0.0.tgz

Library home page: https://registry.npmjs.org/ip/-/ip-2.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • @storm-software/linting-tools-1.39.4.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • socks-proxy-agent-8.0.2.tgz
                • socks-2.7.1.tgz
                  • ip-2.0.0.tgz (Vulnerable Library)

ip-1.1.8.tgz

Library home page: https://registry.npmjs.org/ip/-/ip-1.1.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • @storm-software/linting-tools-1.39.4.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • pac-proxy-agent-7.0.1.tgz
                • pac-resolver-7.0.0.tgz
                  • ip-1.1.8.tgz (Vulnerable Library)

Found in HEAD commit: 675561baa9e00629e2e8cb16423b57bdc05da436

Found in base branch: main

Vulnerability Details

An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function.

Publish Date: 2024-02-08

URL: CVE-2023-42282

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-78xj-cgh5-2h22

Release Date: 2024-02-08

Fix Resolution: ip - 1.1.9,2.0.1

Step up your Open Source Security Game with Mend here

@storm-software/linting-tools-1.39.0.tgz: 1 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - @storm-software/linting-tools-1.39.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/.pnpm/[email protected]/node_modules/ip/package.json

Found in HEAD commit: e0a370f87445faccb93b1207d00b2ee8f5d30dd9

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (@storm-software/linting-tools version) Remediation Possible**
CVE-2023-42282 Critical 9.8 ip-1.1.8.tgz Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-42282

Vulnerable Library - ip-1.1.8.tgz

Library home page: https://registry.npmjs.org/ip/-/ip-1.1.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/.pnpm/[email protected]/node_modules/ip/package.json

Dependency Hierarchy:

  • @storm-software/linting-tools-1.39.0.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • pac-proxy-agent-7.0.1.tgz
                • pac-resolver-7.0.0.tgz
                  • ip-1.1.8.tgz (Vulnerable Library)

Found in HEAD commit: e0a370f87445faccb93b1207d00b2ee8f5d30dd9

Found in base branch: main

Vulnerability Details

An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function.

Publish Date: 2024-02-08

URL: CVE-2023-42282

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2023-42282

Release Date: 2024-02-08

Fix Resolution: ip - 2.0.0

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Detected dependencies

github-actions
.github/actions/setup-workspace/action.yaml
  • pnpm/action-setup v3.0.0
  • actions/setup-node v4
.github/workflows/ci.yml
  • actions/checkout v4
  • nrwl/nx-set-shas v4
.github/workflows/codeql.yml
  • actions/checkout v4
  • github/codeql-action v3
  • github/codeql-action v3
  • github/codeql-action v3
.github/workflows/cr.yml
.github/workflows/dependabot-approve.yml
.github/workflows/greetings.yml
.github/workflows/labels.yml
  • actions/checkout v4
  • micnncim/action-label-syncer v1.3.0
.github/workflows/lock.yml
  • dessant/lock-threads v5
packages/workspace-tools/src/generators/preset/files/.github/actions/setup-workspace/action.yaml
  • actions/setup-node v4
  • pnpm/action-setup v3.0.0
  • actions/setup-node v4
packages/workspace-tools/src/generators/preset/files/.github/workflows/code-review.yml
packages/workspace-tools/src/generators/preset/files/.github/workflows/codeql.yml
  • actions/checkout v4
  • github/codeql-action v3
  • github/codeql-action v3
  • github/codeql-action v3
packages/workspace-tools/src/generators/preset/files/.github/workflows/git-guardian.yml
  • actions/checkout v4
packages/workspace-tools/src/generators/preset/files/.github/workflows/greetings.yml
packages/workspace-tools/src/generators/preset/files/.github/workflows/labels.yml
  • actions/checkout v4
  • micnncim/action-label-syncer v1.3.0
packages/workspace-tools/src/generators/preset/files/.github/workflows/lock.yml
  • dessant/lock-threads v5
npm
package.json
  • @angular-devkit/architect ^0.1702.0
  • @angular-devkit/core ^17.2.0
  • @angular-devkit/schematics ^17.2.0
  • @biomejs/biome 1.5.3
  • @nx/devkit 18.0.4
  • @nx/esbuild 18.0.4
  • @nx/eslint-plugin 18.0.4
  • @nx/eslint 18.0.4
  • @nx/jest 18.0.4
  • @nx/js 18.0.4
  • @nx/plugin 18.0.4
  • @nx/workspace 18.0.4
  • @swc-node/register ^1.8.0
  • @swc/cli 0.3.2
  • @swc/core 1.4.2
  • @swc/helpers 0.5.3
  • @swc/wasm ^1.4.2
  • @tsconfig/recommended 1.0.3
  • @types/jest 29.5.11
  • @types/node 20.11.20
  • @typescript-eslint/eslint-plugin ^6.13.2
  • @typescript-eslint/parser ^6.13.2
  • conventional-changelog-conventionalcommits ^7.0.2
  • esbuild 0.19.12
  • eslint 8.56.0
  • eslint-config-prettier ^9.0.0
  • jest 29.7.0
  • jest-environment-jsdom 29.7.0
  • jest-environment-node 29.7.0
  • lefthook 1.6.1
  • nx 18.0.4
  • prettier 3.2.5
  • rimraf 5.0.5
  • ts-jest 29.1.2
  • ts-node 10.9.2
  • tslib 2.6.2
  • typescript 5.3.3
  • verdaccio 5.29.0
  • node >=21.0.0
  • pnpm >=8.10.2
  • pnpm 8.14.3
packages/build-tools/package.json
  • @anatine/esbuild-decorators 0.2.19
  • @microsoft/api-extractor 7.40.1
  • @nx/devkit 18.0.4
  • @nx/js 18.0.4
  • @nx/workspace 18.0.4
  • commander 11.1.0
  • esbuild-plugin-environment 0.3.0
  • fs-extra 11.2.0
  • glob 10.3.10
  • typescript 5.3.3
packages/config-tools/package.json
  • cosmiconfig 9.0.0
  • find-up 7.0.0
  • fs-extra 11.2.0
  • locate-path 7.2.0
  • zod 3.22.4
  • @types/fs-extra ^11.0.4
packages/config/package.json
  • zod 3.22.4
packages/create-storm-workspace/package.json
  • @nx/workspace 18.0.4
  • create-nx-workspace 18.0.4
  • enquirer 2.4.1
packages/git-tools/package.json
  • @commitlint/cli 18.6.0
  • @commitlint/config-conventional 18.6.0
  • @commitlint/lint 18.6.0
  • @commitlint/types 18.6.0
  • @nx/devkit 18.0.4
  • any-shell-escape 0.1.1
  • axios 1.6.7
  • commander 11.1.0
  • deep-map 2.0.0
  • doctoc 2.2.1
  • es6-weak-map 2.0.3
  • fuzzy 0.1.3
  • inquirer 9.2.12
  • lodash-es 4.17.21
  • micromatch 4.0.5
  • nx 18.0.4
  • prettier 3.2.5
  • remeda 1.38.0
  • semver 7.5.4
  • ts-node 10.9.2
  • word-wrap 1.2.5
  • zod 3.22.4
  • @types/inquirer 9.0.6
  • @types/prettier 3.0.0
packages/linting-tools/package.json
  • @cspell/dict-ada 4.0.2
  • @cspell/dict-aws 4.0.1
  • @cspell/dict-bash 4.1.3
  • @cspell/dict-companies 3.0.31
  • @cspell/dict-cpp 5.1.1
  • @cspell/dict-cryptocurrencies 5.0.0
  • @cspell/dict-csharp 4.0.2
  • @cspell/dict-css 4.0.12
  • @cspell/dict-dart 2.0.3
  • @cspell/dict-django 4.1.0
  • @cspell/dict-docker 1.1.7
  • @cspell/dict-dotnet 5.0.0
  • @cspell/dict-elixir 4.0.3
  • @cspell/dict-en-common-misspellings 2.0.0
  • @cspell/dict-en-gb 4.1.31
  • @cspell/dict-en_us 4.3.14
  • @cspell/dict-filetypes 3.0.3
  • @cspell/dict-fonts 4.0.0
  • @cspell/dict-fsharp 1.0.1
  • @cspell/dict-fullstack 3.1.5
  • @cspell/dict-gaming-terms 1.0.5
  • @cspell/dict-git 2.0.0
  • @cspell/dict-golang 6.0.5
  • @cspell/dict-haskell 4.0.1
  • @cspell/dict-html 4.0.5
  • @cspell/dict-html-symbol-entities 4.0.0
  • @cspell/dict-java 5.0.6
  • @cspell/dict-k8s 1.0.2
  • @cspell/dict-latex 4.0.0
  • @cspell/dict-lorem-ipsum 4.0.0
  • @cspell/dict-lua 4.0.3
  • @cspell/dict-makefile 1.0.0
  • @cspell/dict-node 4.0.3
  • @cspell/dict-npm 5.0.15
  • @cspell/dict-php 4.0.5
  • @cspell/dict-powershell 5.0.3
  • @cspell/dict-public-licenses 2.0.5
  • @cspell/dict-python 4.1.11
  • @cspell/dict-r 2.0.1
  • @cspell/dict-ruby 5.0.2
  • @cspell/dict-rust 4.0.2
  • @cspell/dict-scala 5.0.0
  • @cspell/dict-software-terms 3.3.16
  • @cspell/dict-sql 2.1.3
  • @cspell/dict-svelte 1.0.2
  • @cspell/dict-swift 2.0.1
  • @cspell/dict-typescript 3.1.2
  • @cspell/dict-vue 3.0.0
  • @manypkg/cli 0.21.2
  • @manypkg/get-packages 2.2.0
  • @size-limit/file 11.0.2
  • @size-limit/time 11.0.2
  • alex 11.0.1
  • check-dependency-version-consistency 4.1.0
  • child_process 1.0.2
  • commander 11.1.0
  • cspell 8.3.2
  • dpdm 3.14.0
  • eslint 8.56.0
  • prettier-plugin-tailwindcss 0.5.11
  • rehype-parse 9.0.0
  • rehype-retext 4.0.0
  • remark-frontmatter 5.0.0
  • remark-gfm 4.0.0
  • remark-mdx 3.0.0
  • remark-parse 11.0.0
  • remark-retext 6.0.0
  • retext-english 5.0.0
  • retext-equality 7.0.0
  • retext-profanities 8.0.0
  • size-limit 11.0.2
  • spawndamnit 2.0.0
  • supports-color 9.4.0
  • unified 11.0.4
  • unified-diff 5.0.0
  • unified-engine 11.2.0
  • vfile-reporter ^8.1.0
  • @types/eslint 8.44.6
packages/testing-tools/package.json
  • @nx/jest 18.0.4
  • jest 29.7.0
  • jest-resolve ^29.7.0
  • @nx/jest 18.0.4
  • jest 29.7.0
packages/tsconfig/package.json
  • @total-typescript/ts-reset 0.5.1
  • @tsconfig/recommended 1.0.3
packages/workspace-tools/package.json
  • @anatine/esbuild-decorators 0.2.19
  • @microsoft/api-extractor 7.40.1
  • @nx/devkit 18.0.4
  • @nx/esbuild 18.0.4
  • @rollup/plugin-json 6.1.0
  • bundle-require ^4.0.2
  • decky 1.1.1
  • esbuild-plugin-environment 0.3.0
  • esbuild-plugin-handlebars 1.0.2
  • esbuild-plugin-pino 2.1.0
  • fs-extra 11.2.0
  • glob 10.3.10
  • npm-run-path 5.2.0
  • pkg-types ^1.0.3
  • prettier 3.2.5
  • prettier-plugin-packagejson 2.4.9
  • rollup 4.10.0
  • rollup-plugin-dts 6.1.0
  • semver 7.5.4
  • terser 5.24.0
  • typia 5.4.1
  • zod 3.22.4
  • zod-to-json-schema 3.22.3
nvm
.github/.nvmrc
  • node 21.0.0
packages/workspace-tools/src/generators/preset/files/.github/.nvmrc

@storm-software/linting-tools-1.38.20.tgz: 1 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - @storm-software/linting-tools-1.38.20.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/.pnpm/[email protected]/node_modules/ip/package.json

Found in HEAD commit: 09fe5cb279f44e9169bef8169d2aa15fbfd2d8c8

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (@storm-software/linting-tools version) Remediation Possible**
CVE-2023-42282 Critical 9.8 ip-1.1.8.tgz Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-42282

Vulnerable Library - ip-1.1.8.tgz

Library home page: https://registry.npmjs.org/ip/-/ip-1.1.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/.pnpm/[email protected]/node_modules/ip/package.json

Dependency Hierarchy:

  • @storm-software/linting-tools-1.38.20.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • pac-proxy-agent-7.0.1.tgz
                • pac-resolver-7.0.0.tgz
                  • ip-1.1.8.tgz (Vulnerable Library)

Found in HEAD commit: 09fe5cb279f44e9169bef8169d2aa15fbfd2d8c8

Found in base branch: main

Vulnerability Details

An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function.

Publish Date: 2024-02-08

URL: CVE-2023-42282

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2023-42282

Release Date: 2024-02-08

Fix Resolution: ip - 2.0.0

verdaccio-5.27.0.tgz: 1 vulnerabilities (highest severity is: 6.1) - autoclosed

Vulnerable Library - verdaccio-5.27.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Found in HEAD commit: 914859895a632bb4e1fa76e3ef8d5d096d9d3e1d

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (verdaccio version) Remediation Possible**
CVE-2023-28155 Medium 6.1 request-2.88.2.tgz Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-28155

Vulnerable Library - request-2.88.2.tgz

Simplified HTTP request client.

Library home page: https://registry.npmjs.org/request/-/request-2.88.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • verdaccio-5.27.0.tgz (Root Library)
    • request-2.88.2.tgz (Vulnerable Library)

Found in HEAD commit: 914859895a632bb4e1fa76e3ef8d5d096d9d3e1d

Found in base branch: main

Vulnerability Details

The request package through 2.88.2 for Node.js and the @cypress/request package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: The request package is no longer supported by the maintainer.

Publish Date: 2023-03-16

URL: CVE-2023-28155

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-p8p7-x288-28g6

Release Date: 2023-03-16

Fix Resolution: @cypress/request - 3.0.0

linting-tools-1.41.4.tgz: 1 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - linting-tools-1.41.4.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Found in HEAD commit: 6a1866e66bebd3aae938df5f3d6a4fc8aafecee0

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (linting-tools version) Remediation Possible**
CVE-2023-42282 Critical 9.8 detected in multiple dependencies Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-42282

Vulnerable Libraries - ip-2.0.0.tgz, ip-1.1.8.tgz

ip-2.0.0.tgz

Library home page: https://registry.npmjs.org/ip/-/ip-2.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • linting-tools-1.41.4.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • socks-proxy-agent-8.0.2.tgz
                • socks-2.7.1.tgz
                  • ip-2.0.0.tgz (Vulnerable Library)

ip-1.1.8.tgz

Library home page: https://registry.npmjs.org/ip/-/ip-1.1.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • linting-tools-1.41.4.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • pac-proxy-agent-7.0.1.tgz
                • pac-resolver-7.0.0.tgz
                  • ip-1.1.8.tgz (Vulnerable Library)

Found in HEAD commit: 6a1866e66bebd3aae938df5f3d6a4fc8aafecee0

Found in base branch: main

Vulnerability Details

An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function.

Publish Date: 2024-02-08

URL: CVE-2023-42282

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-78xj-cgh5-2h22

Release Date: 2024-02-08

Fix Resolution: ip - 1.1.9,2.0.1

linting-tools-1.39.1.tgz: 1 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - linting-tools-1.39.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Found in HEAD commit: 3f61e534780985b674e93ddb5388365a1e2ad271

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (linting-tools version) Remediation Possible**
CVE-2023-42282 Critical 9.8 ip-1.1.8.tgz Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-42282

Vulnerable Library - ip-1.1.8.tgz

Library home page: https://registry.npmjs.org/ip/-/ip-1.1.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • linting-tools-1.39.1.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • pac-proxy-agent-7.0.1.tgz
                • pac-resolver-7.0.0.tgz
                  • ip-1.1.8.tgz (Vulnerable Library)

Found in HEAD commit: 3f61e534780985b674e93ddb5388365a1e2ad271

Found in base branch: main

Vulnerability Details

An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function.

Publish Date: 2024-02-08

URL: CVE-2023-42282

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2023-42282

Release Date: 2024-02-08

Fix Resolution: ip - 2.0.0

@storm-software/linting-tools-1.41.1.tgz: 1 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - @storm-software/linting-tools-1.41.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/.pnpm/[email protected]/node_modules/ip/package.json

Found in HEAD commit: b626bcf83378667aae820c1233ceb126da22a12d

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (@storm-software/linting-tools version) Remediation Possible**
CVE-2023-42282 Critical 9.8 detected in multiple dependencies Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-42282

Vulnerable Libraries - ip-2.0.0.tgz, ip-1.1.8.tgz

ip-2.0.0.tgz

Library home page: https://registry.npmjs.org/ip/-/ip-2.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/.pnpm/[email protected]/node_modules/ip/package.json

Dependency Hierarchy:

  • @storm-software/linting-tools-1.41.1.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • socks-proxy-agent-8.0.2.tgz
                • socks-2.7.1.tgz
                  • ip-2.0.0.tgz (Vulnerable Library)

ip-1.1.8.tgz

Library home page: https://registry.npmjs.org/ip/-/ip-1.1.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/.pnpm/[email protected]/node_modules/ip/package.json

Dependency Hierarchy:

  • @storm-software/linting-tools-1.41.1.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • pac-proxy-agent-7.0.1.tgz
                • pac-resolver-7.0.0.tgz
                  • ip-1.1.8.tgz (Vulnerable Library)

Found in HEAD commit: b626bcf83378667aae820c1233ceb126da22a12d

Found in base branch: main

Vulnerability Details

An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function.

Publish Date: 2024-02-08

URL: CVE-2023-42282

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-78xj-cgh5-2h22

Release Date: 2024-02-08

Fix Resolution: ip - 1.1.9,2.0.1

linting-tools-1.41.3.tgz: 1 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - linting-tools-1.41.3.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Found in HEAD commit: d7a966ff3d2b4d675e30b70210b7cb92f0af8477

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (linting-tools version) Remediation Possible**
CVE-2023-42282 Critical 9.8 detected in multiple dependencies Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-42282

Vulnerable Libraries - ip-2.0.0.tgz, ip-1.1.8.tgz

ip-2.0.0.tgz

Library home page: https://registry.npmjs.org/ip/-/ip-2.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • linting-tools-1.41.3.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • socks-proxy-agent-8.0.2.tgz
                • socks-2.7.1.tgz
                  • ip-2.0.0.tgz (Vulnerable Library)

ip-1.1.8.tgz

Library home page: https://registry.npmjs.org/ip/-/ip-1.1.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • linting-tools-1.41.3.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • pac-proxy-agent-7.0.1.tgz
                • pac-resolver-7.0.0.tgz
                  • ip-1.1.8.tgz (Vulnerable Library)

Found in HEAD commit: d7a966ff3d2b4d675e30b70210b7cb92f0af8477

Found in base branch: main

Vulnerability Details

An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function.

Publish Date: 2024-02-08

URL: CVE-2023-42282

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-78xj-cgh5-2h22

Release Date: 2024-02-08

Fix Resolution: ip - 1.1.9,2.0.1

@storm-software/linting-tools-1.41.4.tgz: 1 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - @storm-software/linting-tools-1.41.4.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Found in HEAD commit: 006776a81746ab5ebe0fe128c400e105e1141840

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (@storm-software/linting-tools version) Remediation Possible**
CVE-2023-42282 Critical 9.8 detected in multiple dependencies Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-42282

Vulnerable Libraries - ip-2.0.0.tgz, ip-1.1.8.tgz

ip-2.0.0.tgz

Library home page: https://registry.npmjs.org/ip/-/ip-2.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • @storm-software/linting-tools-1.41.4.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • socks-proxy-agent-8.0.2.tgz
                • socks-2.7.1.tgz
                  • ip-2.0.0.tgz (Vulnerable Library)

ip-1.1.8.tgz

Library home page: https://registry.npmjs.org/ip/-/ip-1.1.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • @storm-software/linting-tools-1.41.4.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • pac-proxy-agent-7.0.1.tgz
                • pac-resolver-7.0.0.tgz
                  • ip-1.1.8.tgz (Vulnerable Library)

Found in HEAD commit: 006776a81746ab5ebe0fe128c400e105e1141840

Found in base branch: main

Vulnerability Details

An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function.

Publish Date: 2024-02-08

URL: CVE-2023-42282

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-78xj-cgh5-2h22

Release Date: 2024-02-08

Fix Resolution: ip - 1.1.9,2.0.1


linting-tools-1.42.0.tgz: 1 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - linting-tools-1.42.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Found in HEAD commit: a24174e30613cf48da1fbdd12e178a7574b6f2c7

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (linting-tools version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-42282 | Critical | 9.8 | detected in multiple dependencies | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-42282

Vulnerable Libraries - ip-2.0.0.tgz, ip-1.1.8.tgz

ip-2.0.0.tgz

[![](https://badge.fury.io/js/ip.svg)](https://www.npmjs.com/package/ip)

Library home page: https://registry.npmjs.org/ip/-/ip-2.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • linting-tools-1.42.0.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • socks-proxy-agent-8.0.2.tgz
                • socks-2.7.1.tgz
                  • ip-2.0.0.tgz (Vulnerable Library)

ip-1.1.8.tgz

[![](https://badge.fury.io/js/ip.svg)](https://www.npmjs.com/package/ip)

Library home page: https://registry.npmjs.org/ip/-/ip-1.1.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • linting-tools-1.42.0.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • pac-proxy-agent-7.0.1.tgz
                • pac-resolver-7.0.0.tgz
                  • ip-1.1.8.tgz (Vulnerable Library)

Found in HEAD commit: a24174e30613cf48da1fbdd12e178a7574b6f2c7

Found in base branch: main

Vulnerability Details

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.

Publish Date: 2024-02-08

URL: CVE-2023-42282

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-78xj-cgh5-2h22

Release Date: 2024-02-08

Fix Resolution: ip - 1.1.9,2.0.1


@storm-software/linting-tools-1.42.0.tgz: 1 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - @storm-software/linting-tools-1.42.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Found in HEAD commit: 38ba1a33c541e2ff282baeb4117a221c02bdeac6

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (@storm-software/linting-tools version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-42282 | Critical | 9.8 | detected in multiple dependencies | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-42282

Vulnerable Libraries - ip-2.0.0.tgz, ip-1.1.8.tgz

ip-2.0.0.tgz

[![](https://badge.fury.io/js/ip.svg)](https://www.npmjs.com/package/ip)

Library home page: https://registry.npmjs.org/ip/-/ip-2.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • @storm-software/linting-tools-1.42.0.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • socks-proxy-agent-8.0.2.tgz
                • socks-2.7.1.tgz
                  • ip-2.0.0.tgz (Vulnerable Library)

ip-1.1.8.tgz

[![](https://badge.fury.io/js/ip.svg)](https://www.npmjs.com/package/ip)

Library home page: https://registry.npmjs.org/ip/-/ip-1.1.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • @storm-software/linting-tools-1.42.0.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • pac-proxy-agent-7.0.1.tgz
                • pac-resolver-7.0.0.tgz
                  • ip-1.1.8.tgz (Vulnerable Library)

Found in HEAD commit: 38ba1a33c541e2ff282baeb4117a221c02bdeac6

Found in base branch: main

Vulnerability Details

An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function.

Publish Date: 2024-02-08

URL: CVE-2023-42282

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-78xj-cgh5-2h22

Release Date: 2024-02-08

Fix Resolution: ip - 1.1.9,2.0.1


linting-tools-1.41.0.tgz: 1 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - linting-tools-1.41.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Found in HEAD commit: cb5c820cd54c5cd578ea3eedf654bad6f6758932

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (linting-tools version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-42282 | Critical | 9.8 | detected in multiple dependencies | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-42282

Vulnerable Libraries - ip-2.0.0.tgz, ip-1.1.8.tgz

ip-2.0.0.tgz

[![](https://badge.fury.io/js/ip.svg)](https://www.npmjs.com/package/ip)

Library home page: https://registry.npmjs.org/ip/-/ip-2.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • linting-tools-1.41.0.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • socks-proxy-agent-8.0.2.tgz
                • socks-2.7.1.tgz
                  • ip-2.0.0.tgz (Vulnerable Library)

ip-1.1.8.tgz

[![](https://badge.fury.io/js/ip.svg)](https://www.npmjs.com/package/ip)

Library home page: https://registry.npmjs.org/ip/-/ip-1.1.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • linting-tools-1.41.0.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • pac-proxy-agent-7.0.1.tgz
                • pac-resolver-7.0.0.tgz
                  • ip-1.1.8.tgz (Vulnerable Library)

Found in HEAD commit: cb5c820cd54c5cd578ea3eedf654bad6f6758932

Found in base branch: main

Vulnerability Details

An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function.

Publish Date: 2024-02-08

URL: CVE-2023-42282

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-78xj-cgh5-2h22

Release Date: 2024-02-08

Fix Resolution: ip - 1.1.9,2.0.1


@storm-software/linting-tools-1.39.1.tgz: 1 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - @storm-software/linting-tools-1.39.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/.pnpm/[email protected]/node_modules/ip/package.json

Found in HEAD commit: ffe79b6facec3cb5d9f7829dfea49d7c25b459a6

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (@storm-software/linting-tools version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-42282 | Critical | 9.8 | ip-1.1.8.tgz | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-42282

Vulnerable Library - ip-1.1.8.tgz

[![](https://badge.fury.io/js/ip.svg)](https://www.npmjs.com/package/ip)

Library home page: https://registry.npmjs.org/ip/-/ip-1.1.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/.pnpm/[email protected]/node_modules/ip/package.json

Dependency Hierarchy:

  • @storm-software/linting-tools-1.39.1.tgz (Root Library)
    • time-11.0.2.tgz
      • estimo-3.0.1.tgz
        • find-chrome-bin-2.0.1.tgz
          • browsers-1.9.1.tgz
            • proxy-agent-6.3.1.tgz
              • pac-proxy-agent-7.0.1.tgz
                • pac-resolver-7.0.0.tgz
                  • ip-1.1.8.tgz (Vulnerable Library)

Found in HEAD commit: ffe79b6facec3cb5d9f7829dfea49d7c25b459a6

Found in base branch: main

Vulnerability Details

An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function.

Publish Date: 2024-02-08

URL: CVE-2023-42282

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2023-42282

Release Date: 2024-02-08

Fix Resolution: ip - 2.0.0
