Snyk Package Analysis - Package Vulnerabilities #1069

@dev-script

Introduced through: express-gateway@1.16.11

High Severity

  • Fixed in: ejs@3.1.7 (Remote Code Execution (RCE))
  • Fixed in: pac-resolver@5.0.0 (Remote Code Execution (RCE))
  • Fixed in: ansi-regex@3.0.1, @4.1.1, @5.0.1, @6.0.1 (Regular Expression Denial of Service (ReDoS))
  • Fixed in: axios@1.6.4 (Prototype Pollution)
  • Fixed in: unset-value@2.0.1 (Prototype Pollution)

Medium Severity

  • Fixed in: express-gateway@1.16.11 › yeoman-environment@2.10.3 › globby@8.0.2 › glob@7.2.3 › inflight@1.0.6 (Missing Release of Resource after Effective Lifetime)
  • Fixed in: glob-parent@5.1.2 (Regular Expression Denial of Service (ReDoS))
  • Fixed in: jsonwebtoken@9.0.0 (Use of a Broken or Risky Cryptographic Algorithm)
  • Fixed in: got@11.8.5, @12.1.0 (Open Redirect)
  • Fixed in: redis@3.1.1 (Regular Expression Denial of Service (ReDoS))
  • Fixed in: passport@0.6.0 (Session Fixation)