search

SharonKoch / govuk-frontend_Demo

MIT License
0 stars 0 forks source link

puppeteer-22.6.2.tgz: 1 vulnerabilities (highest severity is: 9.1) #11

Open mend-for-github-com[bot] opened 4 months ago

mend-for-github-com[bot] commented 4 months ago
Vulnerable Library - puppeteer-22.6.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (puppeteer version) Remediation Possible**
CVE-2024-29415 Critical 9.1 ip-2.0.1.tgz Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2024-29415 ### Vulnerable Library - ip-2.0.1.tgz

Library home page: https://registry.npmjs.org/ip/-/ip-2.0.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy: - puppeteer-22.6.2.tgz (Root Library) - browsers-2.2.0.tgz - proxy-agent-6.4.0.tgz - socks-proxy-agent-8.0.2.tgz - socks-2.7.1.tgz - :x: **ip-2.0.1.tgz** (Vulnerable Library)

Found in base branch: main

### Vulnerability Details

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.

Publish Date: 2024-05-27

URL: CVE-2024-29415

### CVSS 3 Score Details (9.1)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: None

For more information on CVSS3 Scores, click here.

github-actions[bot] commented 4 months ago

Uh oh! @mend-for-github-com[bot], the image you shared is missing helpful alt text. Check your issue body.

Alt text is an invisible description that helps screen readers describe images to blind or low-vision users. If you are using markdown to display images, add your alt text inside the brackets of the markdown image.

Learn more about alt text at Basic writing and formatting syntax: images on GitHub Docs.

🤖 Beep boop! This comment was added automatically by github/accessibility-alt-text-bot.