Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bulk vulnerability fix - Lockfile fix #1

Merged
merged 1 commit into from Jul 20, 2021
Merged

Bulk vulnerability fix - Lockfile fix #1

merged 1 commit into from Jul 20, 2021

Conversation

debricked[bot]
Copy link

@debricked debricked bot commented Jul 20, 2021

Bulk vulnerability fix - Lockfile fix

This pull request will update your transitive dependencies within the allowed version intervals provided by your direct dependencies.

Fixed vulnerabilities:

CVE–2021–23364
CVE–2021–23343
  • Description

    NVD

    All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.

  • CVSS details - 7.5

     

    CVSS3 metrics
    Attack Vector Network
    Attack Complexity Low
    Privileges Required None
    User interaction None
    Scope Unchanged
    Confidentiality None
    Integrity None
    Availability High
  • References

        THIRD PARTY
        ReDoS in path-parse · Issue #8 · jbgutierrez/path-parse · GitHub
        Pony Mail!
        THIRD PARTY

CVE–2021–23362

 

Related information

📌 Remember! Check the changes to ensure they don't introduce any breaking changes.
📚 Read more at Debricked

 

@hakanwahlstrom hakanwahlstrom merged commit 3528065 into develop Jul 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@hakanwahlstrom