Vulnerabilities Dashboard - Dependencies #23

Open
mantel-group-nullify bot opened this issue Dec 3, 2024 · 0 comments

mantel-group-nullify bot commented Dec 3, 2024

Severity Threshold: 🔵 MEDIUM

Repository Summary

🔴 CRITICAL 🟡 HIGH 🔵 MEDIUM ⚪ LOW
14 55 39 0

package-lock.json

🔴 CRITICAL 🟡 HIGH 🔵 MEDIUM ⚪ LOW
3 18 14 0

ID: 01JE5DH5DEKE6QNJ75J09JT7TF Package: lodash Version: 4.17.4 Vulnerabilities: 7 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-3721 MEDIUM Prototype Pollution in lodash 4.17.4 Initial Release 4.17.5 NEGLIGIBLE
CVE-2018-16487 HIGH Prototype Pollution in lodash 4.17.4 Initial Release 4.17.11 NEGLIGIBLE
CVE-2019-1010266 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.17.4 Initial Release 4.17.11 NEGLIGIBLE
SNYK-JS-LODASH-73639 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.17.4 Initial Release 4.17.11 NEGLIGIBLE
CVE-2019-10744 CRITICAL Prototype Pollution in lodash 4.17.4 Initial Release 4.17.14 NEGLIGIBLE
SNYK-JS-LODASH-450202 CRITICAL Prototype Pollution in lodash 4.17.4 Initial Release 4.17.14 NEGLIGIBLE
CVE-2020-8203 HIGH Prototype Pollution in lodash 4.17.4 Initial Release 4.17.20 NEGLIGIBLE
CVE-2020-28500 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGFUJIONWEBJARS-1074896 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARS-1074894 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1074892 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1074893 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JS-LODASH-1018905 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
CVE-2021-23337 HIGH Command Injection in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGFUJIONWEBJARS-1074932 HIGH Command Injection in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARS-1074930 HIGH Command Injection in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1074928 HIGH Command Injection in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931 HIGH Command Injection in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1074929 HIGH Command Injection in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JS-LODASH-1040724 HIGH Command Injection in lodash 4.17.4 Initial Release 4.17.21 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75HYZ7GEHC Package: lodash Version: 3.10.1 Vulnerabilities: 7 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2019-10744 CRITICAL Prototype Pollution in lodash 3.10.1 Initial Release 4.6.1 NEGLIGIBLE
SNYK-JS-LODASH-450202 CRITICAL Prototype Pollution in lodash 3.10.1 Initial Release 4.6.1 NEGLIGIBLE
CVE-2018-3721 MEDIUM Prototype Pollution in lodash 3.10.1 Initial Release 4.17.5 NEGLIGIBLE
CVE-2018-16487 HIGH Prototype Pollution in lodash 3.10.1 Initial Release 4.17.11 NEGLIGIBLE
CVE-2019-1010266 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.10.1 Initial Release 4.17.11 NEGLIGIBLE
SNYK-JS-LODASH-73639 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.10.1 Initial Release 4.17.11 NEGLIGIBLE
CVE-2020-8203 HIGH Prototype Pollution in lodash 3.10.1 Initial Release 4.17.20 NEGLIGIBLE
CVE-2020-28500 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.10.1 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGFUJIONWEBJARS-1074896 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.10.1 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARS-1074894 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.10.1 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1074892 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.10.1 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.10.1 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1074893 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.10.1 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JS-LODASH-1018905 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.10.1 Initial Release 4.17.21 NEGLIGIBLE
CVE-2021-23337 HIGH Command Injection in lodash 3.10.1 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGFUJIONWEBJARS-1074932 HIGH Command Injection in lodash 3.10.1 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARS-1074930 HIGH Command Injection in lodash 3.10.1 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1074928 HIGH Command Injection in lodash 3.10.1 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931 HIGH Command Injection in lodash 3.10.1 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1074929 HIGH Command Injection in lodash 3.10.1 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JS-LODASH-1040724 HIGH Command Injection in lodash 3.10.1 Initial Release 4.17.21 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75HWY9Q95X Package: json-schema Version: 0.2.3 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2021-3918 CRITICAL json-schema is vulnerable to Prototype Pollution 0.2.3 Initial Release 0.4.0 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75J2WST7JN Package: node-forge Version: 0.7.1 Vulnerabilities: 5 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2020-7720 HIGH Prototype Pollution in node-forge 0.7.1 Initial Release 0.10.0 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-609293 HIGH Prototype Pollution in node-forge 0.7.1 Initial Release 0.10.0 NEGLIGIBLE
SNYK-JS-NODEFORGE-598677 HIGH Prototype Pollution in node-forge 0.7.1 Initial Release 0.10.0 NEGLIGIBLE
CVE-2022-0122 MEDIUM Open Redirect in node-forge 0.7.1 Initial Release 1.0.0 NEGLIGIBLE
CVE-2022-24773 MEDIUM Improper Verification of Cryptographic Signature in node-forge 0.7.1 Initial Release 1.3.0 NEGLIGIBLE
CVE-2022-24771 HIGH Improper Verification of Cryptographic Signature in node-forge 0.7.1 Initial Release 1.3.0 NEGLIGIBLE
CVE-2022-24772 HIGH Improper Verification of Cryptographic Signature in node-forge 0.7.1 Initial Release 1.3.0 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75HSNJPKHJ Package: hoek Version: 2.16.3 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-3728 HIGH Prototype Pollution in hoek 2.16.3 Initial Release 4.2.1 NEGLIGIBLE
CVE-2020-36604 HIGH hoek subject to prototype pollution via the clone function. 2.16.3 Initial Release 9.0.3 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75JEMB4RG6 Package: tough-cookie Version: 2.3.2 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-15010 HIGH Regular Expression Denial of Service in tough-cookie 2.3.2 Initial Release 2.3.3 NEGLIGIBLE
CVE-2023-26136 MEDIUM tough-cookie Prototype Pollution vulnerability 2.3.2 Initial Release 4.1.3 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75HE1MZB12 Package: async Version: 2.5.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2021-43138 HIGH Prototype Pollution in async 2.5.0 2.0.0 3.2.2 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75HKDAWVWC Package: dot-prop Version: 4.2.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2020-8116 HIGH dot-prop Prototype Pollution vulnerability 4.2.0 Initial Release 4.2.1 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75HRE4BBCK Package: hawk Version: 3.1.3 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2022-29167 HIGH Uncontrolled Resource Consumption in Hawk 3.1.3 Initial Release 9.0.1 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75J131NPKS Package: mime Version: 1.4.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-16138 HIGH mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input 1.4.0 Initial Release 2.0.3 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75J5V4RSMK Package: qs Version: 6.4.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2022-24999 HIGH qs vulnerable to Prototype Pollution 6.4.0 Initial Release 6.10.3 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75JDHQEDXS Package: sshpk Version: 1.13.1 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-3737 HIGH Regular Expression Denial of Service in sshpk 1.13.1 Initial Release 1.13.2 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75HATQNZ9W Package: ajv Version: 4.11.8 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2020-15366 MEDIUM Prototype Pollution in Ajv 4.11.8 Initial Release 6.12.3 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75HH3WTA42 Package: base64url Version: 2.0.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
N/A MEDIUM Out-of-bounds Read in base64url 2.0.0 Initial Release 3.0.0 N/A

ID: 01JE5DH5DEKE6QNJ75HMYNQ75W Package: extend Version: 3.0.1 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-16492 MEDIUM Prototype Pollution in extend 3.0.1 Initial Release 3.0.2 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75J9NNESNA Package: request Version: 2.81.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2023-28155 MEDIUM Server-Side Request Forgery in Request 2.81.0 Initial Release 3.0.0 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75JEFXC4QQ Package: stringstream Version: 0.0.5 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-21270 MEDIUM Out-of-bounds Read in stringstream 0.0.5 Initial Release 0.0.6 NEGLIGIBLE

package.json

🔴 CRITICAL 🟡 HIGH 🔵 MEDIUM ⚪ LOW
11 37 25 0

ID: 01JE5DH5DEKE6QNJ75FJS0W1CQ Package: handlebars Version: 4.0.6 Vulnerabilities: 10 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
N/A HIGH Prototype Pollution in handlebars 4.0.6 Initial Release 4.1.2 N/A
CVE-2019-19919 CRITICAL Prototype Pollution in handlebars 4.0.6 Initial Release 4.3.0 NEGLIGIBLE
CVE-2019-20922 HIGH Regular Expression Denial of Service in Handlebars 4.0.6 4.0.0 4.4.5 NEGLIGIBLE
SNYK-JS-HANDLEBARS-480388 HIGH Regular Expression Denial of Service in Handlebars 4.0.6 4.0.0 4.4.5 NEGLIGIBLE
N/A MEDIUM Denial of Service in handlebars 4.0.6 4.0.0 4.4.5 N/A
N/A HIGH Arbitrary Code Execution in handlebars 4.0.6 4.0.0 4.5.2 N/A
CVE-2019-20920 HIGH Arbitrary Code Execution in Handlebars 4.0.6 4.0.0 4.5.3 NEGLIGIBLE
SNYK-JS-HANDLEBARS-534478 HIGH Arbitrary Code Execution in Handlebars 4.0.6 4.0.0 4.5.3 NEGLIGIBLE
N/A HIGH Prototype Pollution in handlebars 4.0.6 4.0.0 4.5.3 N/A
N/A HIGH Arbitrary Code Execution in handlebars 4.0.6 4.0.0 4.5.3 N/A
CVE-2021-23383 CRITICAL Prototype Pollution in handlebars 4.0.6 Initial Release 4.7.7 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARS-1279031 CRITICAL Prototype Pollution in handlebars 4.0.6 Initial Release 4.7.7 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1279032 CRITICAL Prototype Pollution in handlebars 4.0.6 Initial Release 4.7.7 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1279030 CRITICAL Prototype Pollution in handlebars 4.0.6 Initial Release 4.7.7 NEGLIGIBLE
SNYK-JS-HANDLEBARS-1279029 CRITICAL Prototype Pollution in handlebars 4.0.6 Initial Release 4.7.7 NEGLIGIBLE
CVE-2021-23369 CRITICAL Remote code execution in handlebars when compiling templates 4.0.6 Initial Release 4.7.7 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARS-1074950 CRITICAL Remote code execution in handlebars when compiling templates 4.0.6 Initial Release 4.7.7 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1074951 CRITICAL Remote code execution in handlebars when compiling templates 4.0.6 Initial Release 4.7.7 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1074952 CRITICAL Remote code execution in handlebars when compiling templates 4.0.6 Initial Release 4.7.7 NEGLIGIBLE
SNYK-JS-HANDLEBARS-1056767 CRITICAL Remote code execution in handlebars when compiling templates 4.0.6 Initial Release 4.7.7 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75FYXCMB6M Package: lodash Version: 4.9.0 Vulnerabilities: 7 Type: Direct

"lodash.noop": "^3.0.1",

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-3721 MEDIUM Prototype Pollution in lodash 4.9.0 Initial Release 4.17.5 NEGLIGIBLE
CVE-2018-16487 HIGH Prototype Pollution in lodash 4.9.0 Initial Release 4.17.11 NEGLIGIBLE
CVE-2019-1010266 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.9.0 Initial Release 4.17.11 NEGLIGIBLE
SNYK-JS-LODASH-73639 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.9.0 Initial Release 4.17.11 NEGLIGIBLE
CVE-2019-10744 CRITICAL Prototype Pollution in lodash 4.9.0 Initial Release 4.17.14 NEGLIGIBLE
SNYK-JS-LODASH-450202 CRITICAL Prototype Pollution in lodash 4.9.0 Initial Release 4.17.14 NEGLIGIBLE
CVE-2020-8203 HIGH Prototype Pollution in lodash 4.9.0 Initial Release 4.17.20 NEGLIGIBLE
CVE-2020-28500 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGFUJIONWEBJARS-1074896 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARS-1074894 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1074892 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1074893 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JS-LODASH-1018905 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
CVE-2021-23337 HIGH Command Injection in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGFUJIONWEBJARS-1074932 HIGH Command Injection in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARS-1074930 HIGH Command Injection in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1074928 HIGH Command Injection in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931 HIGH Command Injection in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1074929 HIGH Command Injection in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JS-LODASH-1040724 HIGH Command Injection in lodash 4.9.0 Initial Release 4.17.21 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75FY03KG4H Package: lodash Version: 3.7.0 Vulnerabilities: 7 Type: Direct

"lodash.noop": "^3.0.1",

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2019-10744 CRITICAL Prototype Pollution in lodash 3.7.0 Initial Release 4.6.1 NEGLIGIBLE
SNYK-JS-LODASH-450202 CRITICAL Prototype Pollution in lodash 3.7.0 Initial Release 4.6.1 NEGLIGIBLE
CVE-2018-3721 MEDIUM Prototype Pollution in lodash 3.7.0 Initial Release 4.17.5 NEGLIGIBLE
CVE-2018-16487 HIGH Prototype Pollution in lodash 3.7.0 Initial Release 4.17.11 NEGLIGIBLE
CVE-2019-1010266 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.7.0 Initial Release 4.17.11 NEGLIGIBLE
SNYK-JS-LODASH-73639 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.7.0 Initial Release 4.17.11 NEGLIGIBLE
CVE-2020-8203 HIGH Prototype Pollution in lodash 3.7.0 Initial Release 4.17.20 NEGLIGIBLE
CVE-2020-28500 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGFUJIONWEBJARS-1074896 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARS-1074894 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1074892 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1074893 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JS-LODASH-1018905 MEDIUM Regular Expression Denial of Service (ReDoS) in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
CVE-2021-23337 HIGH Command Injection in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGFUJIONWEBJARS-1074932 HIGH Command Injection in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARS-1074930 HIGH Command Injection in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1074928 HIGH Command Injection in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931 HIGH Command Injection in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1074929 HIGH Command Injection in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE
SNYK-JS-LODASH-1040724 HIGH Command Injection in lodash 3.7.0 Initial Release 4.17.21 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75GAT24WMW Package: minimist Version: 1.2.0 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2020-7598 MEDIUM Prototype Pollution in minimist 1.2.0 1.0.0 1.2.3 NEGLIGIBLE
CVE-2021-44906 MEDIUM Prototype Pollution in minimist 1.2.0 1.0.0 1.2.3 NEGLIGIBLE
GHSA-xvch-5gv4-984h MEDIUM Prototype Pollution in minimist 1.2.0 1.0.0 1.2.3 NEGLIGIBLE
SNYK-JS-MINIMIST-559764 MEDIUM Prototype Pollution in minimist 1.2.0 1.0.0 1.2.3 NEGLIGIBLE
CVE-2020-7598 CRITICAL Prototype Pollution in minimist 1.2.0 Initial Release 1.2.6 NEGLIGIBLE
CVE-2021-44906 CRITICAL Prototype Pollution in minimist 1.2.0 Initial Release 1.2.6 NEGLIGIBLE
GHSA-vh95-rmgr-6w4m CRITICAL Prototype Pollution in minimist 1.2.0 Initial Release 1.2.6 NEGLIGIBLE
SNYK-JS-MINIMIST-559764 CRITICAL Prototype Pollution in minimist 1.2.0 Initial Release 1.2.6 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75G79BKA1Q Package: minimist Version: 0.0.8 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2020-7598 MEDIUM Prototype Pollution in minimist 0.0.8 Initial Release 0.2.1 NEGLIGIBLE
CVE-2021-44906 MEDIUM Prototype Pollution in minimist 0.0.8 Initial Release 0.2.1 NEGLIGIBLE
GHSA-xvch-5gv4-984h MEDIUM Prototype Pollution in minimist 0.0.8 Initial Release 0.2.1 NEGLIGIBLE
SNYK-JS-MINIMIST-559764 MEDIUM Prototype Pollution in minimist 0.0.8 Initial Release 0.2.1 NEGLIGIBLE
CVE-2020-7598 CRITICAL Prototype Pollution in minimist 0.0.8 Initial Release 1.2.6 NEGLIGIBLE
CVE-2021-44906 CRITICAL Prototype Pollution in minimist 0.0.8 Initial Release 1.2.6 NEGLIGIBLE
GHSA-vh95-rmgr-6w4m CRITICAL Prototype Pollution in minimist 0.0.8 Initial Release 1.2.6 NEGLIGIBLE
SNYK-JS-MINIMIST-559764 CRITICAL Prototype Pollution in minimist 0.0.8 Initial Release 1.2.6 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75FFWH0YXW Package: growl Version: 1.9.2 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-16042 CRITICAL Growl before 1.10.0 vulnerable to Command Injection 1.9.2 Initial Release 1.10.0 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75FQPXKKJW Package: json-schema Version: 0.2.3 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2021-3918 CRITICAL json-schema is vulnerable to Prototype Pollution 0.2.3 Initial Release 0.4.0 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75H6Z77YP6 Package: underscore Version: 1.8.3 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2021-23358 CRITICAL Arbitrary Code Execution in underscore 1.8.3 1.3.2 1.12.1 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1081504 CRITICAL Arbitrary Code Execution in underscore 1.8.3 1.3.2 1.12.1 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505 CRITICAL Arbitrary Code Execution in underscore 1.8.3 1.3.2 1.12.1 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1081503 CRITICAL Arbitrary Code Execution in underscore 1.8.3 1.3.2 1.12.1 NEGLIGIBLE
SNYK-JS-UNDERSCORE-1080984 CRITICAL Arbitrary Code Execution in underscore 1.8.3 1.3.2 1.12.1 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75H3GFBCSX Package: underscore Version: 1.6.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2021-23358 CRITICAL Arbitrary Code Execution in underscore 1.6.0 1.3.2 1.12.1 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWER-1081504 CRITICAL Arbitrary Code Execution in underscore 1.6.0 1.3.2 1.12.1 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505 CRITICAL Arbitrary Code Execution in underscore 1.6.0 1.3.2 1.12.1 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1081503 CRITICAL Arbitrary Code Execution in underscore 1.6.0 1.3.2 1.12.1 NEGLIGIBLE
SNYK-JS-UNDERSCORE-1080984 CRITICAL Arbitrary Code Execution in underscore 1.6.0 1.3.2 1.12.1 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75GDDK0YXP Package: node-forge Version: 0.6.46 Vulnerabilities: 5 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2020-7720 HIGH Prototype Pollution in node-forge 0.6.46 Initial Release 0.10.0 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-609293 HIGH Prototype Pollution in node-forge 0.6.46 Initial Release 0.10.0 NEGLIGIBLE
SNYK-JS-NODEFORGE-598677 HIGH Prototype Pollution in node-forge 0.6.46 Initial Release 0.10.0 NEGLIGIBLE
CVE-2022-0122 MEDIUM Open Redirect in node-forge 0.6.46 Initial Release 1.0.0 NEGLIGIBLE
CVE-2022-24773 MEDIUM Improper Verification of Cryptographic Signature in node-forge 0.6.46 Initial Release 1.3.0 NEGLIGIBLE
CVE-2022-24771 HIGH Improper Verification of Cryptographic Signature in node-forge 0.6.46 Initial Release 1.3.0 NEGLIGIBLE
CVE-2022-24772 HIGH Improper Verification of Cryptographic Signature in node-forge 0.6.46 Initial Release 1.3.0 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75G0279WBP Package: marked Version: 0.3.6 Vulnerabilities: 4 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-1000427 MEDIUM Marked vulnerable to XSS from data URIs 0.3.6 Initial Release 0.3.7 NEGLIGIBLE
CVE-2017-16114 HIGH Regular Expression Denial of Service in marked 0.3.6 Initial Release 0.3.9 NEGLIGIBLE
CVE-2022-21681 HIGH Inefficient Regular Expression Complexity in marked 0.3.6 Initial Release 4.0.10 NEGLIGIBLE
CVE-2022-21680 HIGH Inefficient Regular Expression Complexity in marked 0.3.6 Initial Release 4.0.10 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75FP5BMDPC Package: hoek Version: 2.16.3 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-3728 HIGH Prototype Pollution in hoek 2.16.3 Initial Release 4.2.1 NEGLIGIBLE
CVE-2020-36604 HIGH hoek subject to prototype pollution via the clone function. 2.16.3 Initial Release 9.0.3 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75GFQXAX13 Package: qs Version: 6.2.1 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-1000048 HIGH Prototype Pollution Protection Bypass in qs 6.2.1 6.2.0 6.3.2 NEGLIGIBLE
CVE-2022-24999 HIGH qs vulnerable to Prototype Pollution 6.2.1 Initial Release 6.10.3 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75GK3454D6 Package: qs Version: 6.3.0 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-1000048 HIGH Prototype Pollution Protection Bypass in qs 6.3.0 6.3.0 6.3.2 NEGLIGIBLE
CVE-2022-24999 HIGH qs vulnerable to Prototype Pollution 6.3.0 Initial Release 6.10.3 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75FPZPARZB Package: is-my-json-valid Version: 2.15.0 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-1107 MEDIUM Regular expression denial of service (ReDoS) in is-my-json-valid 2.15.0 Initial Release 2.17.2 NEGLIGIBLE
CVE-2016-2537 HIGH Regular Expression Denial of Service in is-my-json-valid 2.15.0 Initial Release 2.17.2 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75FQ4884J4 Package: js-yaml Version: 3.6.1 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
N/A MEDIUM Denial of Service in js-yaml 3.6.1 Initial Release 3.13.0 N/A
N/A HIGH Code Injection in js-yaml 3.6.1 Initial Release 3.13.1 N/A

ID: 01JE5DH5DEKE6QNJ75GWHA6R5C Package: shelljs Version: 0.3.0 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2022-0144 HIGH Improper Privilege Management in shelljs 0.3.0 Initial Release 0.8.5 NEGLIGIBLE
N/A MEDIUM Improper Privilege Management in shelljs 0.3.0 Initial Release 0.8.5 N/A

ID: 01JE5DH5DEKE6QNJ75H1TMR9N0 Package: tough-cookie Version: 2.3.2 Vulnerabilities: 2 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-15010 HIGH Regular Expression Denial of Service in tough-cookie 2.3.2 Initial Release 2.3.3 NEGLIGIBLE
CVE-2023-26136 MEDIUM tough-cookie Prototype Pollution vulnerability 2.3.2 Initial Release 4.1.3 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75F56DT3PR Package: brace-expansion Version: 1.1.6 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-18077 HIGH ReDoS in brace-expansion 1.1.6 Initial Release 1.1.7 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75F7BNAW52 Package: debug Version: 2.2.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-20165 HIGH debug Inefficient Regular Expression Complexity vulnerability 2.2.0 Initial Release 3.1.0 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75FA05K5F7 Package: diff Version: 1.4.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
N/A HIGH Regular Expression Denial of Service (ReDoS) 1.4.0 Initial Release 3.5.0 N/A

ID: 01JE5DH5DEKE6QNJ75FMM2DRX3 Package: hawk Version: 3.1.3 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2022-29167 HIGH Uncontrolled Resource Consumption in Hawk 3.1.3 Initial Release 9.0.1 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75FT8P5YDS Package: keypair Version: 1.0.0 Vulnerabilities: 1 Type: Direct

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2021-41117 HIGH Insecure random number generation in keypair 1.0.0 Initial Release 1.0.4 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75G1XK1PCG Package: mime Version: 1.3.4 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-16138 HIGH mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input 1.3.4 Initial Release 2.0.3 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75G5D90S5M Package: minimatch Version: 3.0.3 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2022-3517 HIGH minimatch ReDoS vulnerability 3.0.3 Initial Release 3.0.5 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75GZ0T3WV3 Package: sshpk Version: 1.10.1 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-3737 HIGH Regular Expression Denial of Service in sshpk 1.10.1 Initial Release 1.13.2 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75GZPK1B2T Package: taffydb Version: 2.6.2 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2019-10790 HIGH TaffyDB can allow access to any data items in the DB 2.6.2 Initial Release N/A NEGLIGIBLE
SNYK-JS-TAFFY-546521 HIGH TaffyDB can allow access to any data items in the DB 2.6.2 Initial Release N/A NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75F1B02EZ8 Package: base64url Version: 2.0.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
N/A MEDIUM Out-of-bounds Read in base64url 2.0.0 Initial Release 3.0.0 N/A

ID: 01JE5DH5DEKE6QNJ75F4RVDCS7 Package: bl Version: 1.1.2 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2020-8244 MEDIUM Remote Memory Exposure in bl 1.1.2 Initial Release 1.2.3 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75FCC3C00G Package: extend Version: 3.0.0 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-16492 MEDIUM Prototype Pollution in extend 3.0.0 Initial Release 3.0.2 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75FS0CDWSC Package: jsonpointer Version: 4.0.1 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2021-23807 MEDIUM Prototype Pollution in node-jsonpointer 4.0.1 Initial Release 5.0.0 NEGLIGIBLE
SNYK-JAVA-ORGWEBJARSNPM-1910273 MEDIUM Prototype Pollution in node-jsonpointer 4.0.1 Initial Release 5.0.0 NEGLIGIBLE
SNYK-JS-JSONPOINTER-1577288 MEDIUM Prototype Pollution in node-jsonpointer 4.0.1 Initial Release 5.0.0 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75GBR97N1N Package: ms Version: 0.7.1 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2017-20162 MEDIUM Vercel ms Inefficient Regular Expression Complexity vulnerability 0.7.1 Initial Release 2.0.0 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75GTF7ZRB5 Package: request Version: 2.79.0 Vulnerabilities: 1 Type: Direct

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2023-28155 MEDIUM Server-Side Request Forgery in Request 2.79.0 Initial Release 3.0.0 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75GPKJ8V21 Package: request Version: 2.75.0 Vulnerabilities: 1 Type: Direct

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2023-28155 MEDIUM Server-Side Request Forgery in Request 2.75.0 Initial Release 3.0.0 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75GZGJJ1FF Package: stringstream Version: 0.0.5 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
CVE-2018-21270 MEDIUM Out-of-bounds Read in stringstream 0.0.5 Initial Release 0.0.6 NEGLIGIBLE

ID: 01JE5DH5DEKE6QNJ75H25HCJ5X Package: tunnel-agent Version: 0.4.3 Vulnerabilities: 1 Type: Transitive

View Vulnerabilities (CVEs)
CVE Severity Issue Current Version Introduced in Fixed in Priority
N/A MEDIUM Memory Exposure in tunnel-agent 0.4.3 Initial Release 0.6.0 N/A

Reply with /nullify to interact with me like another developer

@mantel-group-nullify mantel-group-nullify bot pinned this issue Dec 3, 2024