Open RobertMickleCx opened 1 year ago
@RobertMickleCx Has some agent misinterpreted the affected ranges of CVE-2021-3807?
See affected ranges in https://github.com/advisories/GHSA-93q8-gq69-wqmw
Confirmed: https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
The vulnerability does not exist in versions v2.1.1 and lower.
Vulnerable Package issue exists @ Npm-ansi-regex-2.1.1 in branch master
ansi-regex prior to 5.0.1 and 6.0.x prior to 6.0.1 is vulnerable to Inefficient Regular Expression Complexity
Namespace: RobertMickleCx Repository: NodeGoat Repository Url: https://github.com/RobertMickleCx/NodeGoat CxAST-Project: RobertMickleCx/NodeGoat CxAST platform scan: 4cad0b9d-cbe1-4acd-bb82-244764df9dbd Branch: master Application: NodeGoat Severity: HIGH State: NOT_IGNORED Status: RECURRENT CWE: CWE-1333
Additional Info Attack vector: NETWORK Attack complexity: LOW Confidentiality impact: NONE Availability impact: HIGH
References Advisory POC/Exploit Pull request Commit Issue