All CVE scan for nodejsscan, eslint, and codeql. #70
Hi

Your observations match mine. But let's take a dive into some of the results, to sanity check the nodejsscan behaviour. In conclusion, I think everything is as it should be, and perhaps nodejsscan just needs a minor tweak to support a few more CVEs.

From your screenshot, nodejsscan does produce a few good results for the CWE-23 group. So let's investigate that.

From the overview, CVE-2017-16107 and CVE-2018-11798 appear interesting to look at: in 5 of 6 cases, the vulnerability is detec…