Closed abilpraju-aot closed 3 months ago
Issue Tracking
JIRA: https://aottech.atlassian.net/browse/FWF-3119
High loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
Package loader-utils
Dependency of react-scripts
Path react-scripts > react-dev-utils > loader-utils
More info https://github.com/advisories/GHSA-hhq3-ff78-jv3g
Critical Prototype pollution in webpack loader-utils
Package loader-utils
Dependency of react-scripts
Path react-scripts > react-dev-utils > loader-utils
More info https://github.com/advisories/GHSA-76p3-8jx3-jpfq
Moderate PostCSS line return parsing error
Package postcss
Dependency of react-scripts
Path react-scripts > css-loader > postcss
More info https://github.com/advisories/GHSA-7fh5-64p2-3v2j
Moderate PostCSS line return parsing error
Package postcss
Dependency of react-scripts
Path react-scripts > css-loader > icss-utils > postcss
More info https://github.com/advisories/GHSA-7fh5-64p2-3v2j
Moderate PostCSS line return parsing error
Package postcss
Dependency of react-scripts
Path react-scripts > css-loader > postcss-modules-local-by-default > icss-utils > postcss
More info https://github.com/advisories/GHSA-7fh5-64p2-3v2j
Moderate PostCSS line return parsing error
Package postcss
Dependency of react-scripts
Path react-scripts > optimize-css-assets-webpack-plugin > cssnano > cssnano-preset-default > css-declaration-sorter > postcss
More info https://github.com/advisories/GHSA-7fh5-64p2-3v2j
Moderate PostCSS line return parsing error
Package postcss
Dependency of react-scripts
Path react-scripts > optimize-css-assets-webpack-plugin > cssnano > cssnano-preset-default > postcss-merge-longhand > stylehacks > postcss
More info https://github.com/advisories/GHSA-7fh5-64p2-3v2j
High loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable
Package loader-utils
Dependency of react-scripts
Path react-scripts > react-dev-utils > loader-utils
More info https://github.com/advisories/GHSA-3rfm-jhwj-7488
High Path traversal in webpack-dev-middleware
Package webpack-dev-middleware
Dependency of react-scripts
Path react-scripts > webpack-dev-server > webpack-dev-middleware
More info https://github.com/advisories/GHSA-wr3j-pwj9-hqq6
Moderate Cross-site Scripting in quill
Package quill
Patched in No patch available
Dependency of react-quill
Path react-quill > quill
More info https://github.com/advisories/GHSA-4943-9vgg-gr5r
Moderate PostCSS line return parsing error
Package postcss
Patched in >=8.4.31
Dependency of react-scripts
Path react-scripts > resolve-url-loader > postcss
More info https://github.com/advisories/GHSA-7fh5-64p2-3v2j
found 11 vulnerabilities (7 moderate, 3 high, 1 critical) in 2547 scanned packages
9 vulnerabilities require semver-major dependency updates.
2 vulnerabilities require manual review. See the full report for details.