You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
In nodejs-mem before version 4.0.0 there is a memory leak due to old results not being removed from the cache despite reaching maxAge. Exploitation of this can lead to exhaustion of memory and subsequent denial of service.
Denial of Service (DoS) vulnerability found in mem before 4.0.0. There is a failure in removal of old values from the cache. As a result, attacker may exhaust the system's memory.
mend-local-appbot
changed the title
concurrently-4.0.1.tgz: 4 vulnerabilities (highest severity is: 9.8)
concurrently-4.0.1.tgz: 5 vulnerabilities (highest severity is: 9.8)
Nov 15, 2023
mend-local-appbot
changed the title
concurrently-4.0.1.tgz: 5 vulnerabilities (highest severity is: 9.8)
concurrently-4.0.1.tgz: 4 vulnerabilities (highest severity is: 9.8)
Nov 16, 2023
Vulnerable Library - concurrently-4.0.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/y18n/package.json
Found in HEAD commit: df030affe6fe3de4496f2f71d0bed6559686b108
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2019-15599
Vulnerable Library - tree-kill-1.2.0.tgz
kill trees of processes
Library home page: https://registry.npmjs.org/tree-kill/-/tree-kill-1.2.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/tree-kill/package.json
Dependency Hierarchy:
Found in HEAD commit: df030affe6fe3de4496f2f71d0bed6559686b108
Found in base branch: master
Vulnerability Details
A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command.
Publish Date: 2019-12-18
URL: CVE-2019-15599
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://hackerone.com/reports/701183
Release Date: 2019-12-18
Fix Resolution: tree-kill - 1.2.2
CVE-2020-7774
Vulnerable Library - y18n-3.2.1.tgz
the bare-bones internationalization library used by yargs
Library home page: https://registry.npmjs.org/y18n/-/y18n-3.2.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/y18n/package.json
Dependency Hierarchy:
Found in HEAD commit: df030affe6fe3de4496f2f71d0bed6559686b108
Found in base branch: master
Vulnerability Details
The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
Publish Date: 2020-11-17
URL: CVE-2020-7774
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1654
Release Date: 2020-11-17
Fix Resolution (y18n): 3.2.2
Direct dependency fix Resolution (concurrently): 4.1.0
In order to enable automatic remediation, please create workflow rules
WS-2018-0236
Vulnerable Library - mem-1.1.0.tgz
Memoize functions - An optimization used to speed up consecutive function calls by caching the result of calls with identical input
Library home page: https://registry.npmjs.org/mem/-/mem-1.1.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/mem/package.json
Dependency Hierarchy:
Found in HEAD commit: df030affe6fe3de4496f2f71d0bed6559686b108
Found in base branch: master
Vulnerability Details
In nodejs-mem before version 4.0.0 there is a memory leak due to old results not being removed from the cache despite reaching maxAge. Exploitation of this can lead to exhaustion of memory and subsequent denial of service.
Publish Date: 2018-08-27
URL: WS-2018-0236
CVSS 2 Score Details (5.5)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1623744
Release Date: 2019-05-30
Fix Resolution: 4.0.0
WS-2019-0307
Vulnerable Library - mem-1.1.0.tgz
Memoize functions - An optimization used to speed up consecutive function calls by caching the result of calls with identical input
Library home page: https://registry.npmjs.org/mem/-/mem-1.1.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/mem/package.json
Dependency Hierarchy:
Found in HEAD commit: df030affe6fe3de4496f2f71d0bed6559686b108
Found in base branch: master
Vulnerability Details
Denial of Service (DoS) vulnerability found in mem before 4.0.0. There is a failure in removal of old values from the cache. As a result, attacker may exhaust the system's memory.
Publish Date: 2018-08-27
URL: WS-2019-0307
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1084
Release Date: 2019-12-01
Fix Resolution: mem - 4.0.0
In order to enable automatic remediation for this issue, please create workflow rules
The text was updated successfully, but these errors were encountered: