We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerable Package issue exists @ Npm-nanoid-3.1.20 in branch main
The package nanoid before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
Namespace: westonphillips Repository: CheckmarxOnePOV Repository Url: https://github.com/westonphillips/CheckmarxOnePOV CxAST-Project: westonphillips/CheckmarxOnePOV CxAST platform scan: 6a8170d0-38fa-4efc-81df-42628474102c Branch: main Application: CheckmarxOnePOV Severity: MEDIUM State: NOT_IGNORED Status: RECURRENT CWE: CWE-704
Additional Info Attack vector: LOCAL Attack complexity: LOW Confidentiality impact: HIGH Availability impact: NONE Remediation Upgrade Recommendation: 3.1.31
References Advisory Commit Pull request
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Vulnerable Package issue exists @ Npm-nanoid-3.1.20 in branch main
The package nanoid before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.
Namespace: westonphillips
Repository: CheckmarxOnePOV
Repository Url: https://github.com/westonphillips/CheckmarxOnePOV
CxAST-Project: westonphillips/CheckmarxOnePOV
CxAST platform scan: 6a8170d0-38fa-4efc-81df-42628474102c
Branch: main
Application: CheckmarxOnePOV
Severity: MEDIUM
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-704
Additional Info
Attack vector: LOCAL
Attack complexity: LOW
Confidentiality impact: HIGH
Availability impact: NONE
Remediation Upgrade Recommendation: 3.1.31
References
Advisory
Commit
Pull request
The text was updated successfully, but these errors were encountered: