Serverless Examples – A collection of boilerplates and examples of serverless architectures built with the Serverless Framework on AWS Lambda, Microsoft Azure, Google Cloud Functions, and more.
Path to dependency file: /aws-node-graphql-and-rds/package.json
Path to vulnerable library: /aws-node-graphql-and-rds/node_modules/pg/node_modules/semver/package.json,/aws-node-heroku-postgres/node_modules/semver/package.json
Path to dependency file: /aws-node-oauth-dropbox-api/package.json
Path to vulnerable library: /aws-node-oauth-dropbox-api/node_modules/agent-base/node_modules/semver/package.json,/aws-node-signed-uploads/node_modules/agent-base/node_modules/semver/package.json
Path to dependency file: /aws-node-dynamic-image-resizer/package.json
Path to vulnerable library: /aws-node-dynamic-image-resizer/node_modules/core-js-compat/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/core-js-compat/node_modules/semver/package.json
Path to dependency file: /aws-node-typescript-apollo-lambda/package.json
Path to vulnerable library: /aws-node-typescript-apollo-lambda/node_modules/serverless-offline/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/serverless-offline/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/ts-jest/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/eslint/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/@typescript-eslint/eslint-plugin/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/serverless/node_modules/@serverless/components/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/serverless-webpack/node_modules/semver/package.json
Path to dependency file: /aws-node-vue-nuxt-ssr/package.json
Path to vulnerable library: /aws-node-vue-nuxt-ssr/node_modules/webpack/node_modules/semver/package.json,/aws-node-rest-api-mongodb/node_modules/semver/package.json,/aws-node-typescript-kinesis/node_modules/semver/package.json,/aws-node-http-api-typescript/node_modules/jsonwebtoken/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/jsonwebtoken/node_modules/semver/package.json,/google-golang-simple-http-endpoint/node_modules/semver/package.json,/aws-python-auth0-custom-authorizers-api/node_modules/@babel/register/node_modules/semver/package.json,/aws-node-typescript-rest-api-with-dynamodb/node_modules/semver/package.json,/aws-golang-auth-examples/node_modules/cross-spawn/node_modules/semver/package.json,/aws-python-auth0-custom-authorizers-api/node_modules/find-cache-dir/node_modules/semver/package.json,/aws-node-signed-uploads/node_modules/semver/package.json,/aws-node-http-api-typescript/node_modules/cross-spawn/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/hard-source-webpack-plugin/node_modules/semver/package.json,/aws-node-http-api-typescript-dynamodb/node_modules/semver/package.json,/azure-node-telegram-bot/node_modules/normalize-package-data/node_modules/semver/package.json,/aws-node-rest-api-typescript/node_modules/jsonwebtoken/node_modules/semver/package.json,/google-node-simple-http-endpoint/node_modules/semver/package.json,/azure-node-line-bot/node_modules/normalize-package-data/node_modules/semver/package.json,/aws-node-rest-api-with-dynamodb-and-offline/node_modules/semver/package.json,/google-python-simple-http-endpoint/node_modules/semver/package.json,/aws-golang-dynamo-stream-to-elasticsearch/node_modules/cross-spawn/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/find-cache-dir/node_modules/semver/package.json,/aws-node-puppeteer/node_modules/semver-diff/node_modules/semver/package.json,/aws-node-rest-api-typescript-simple/node_modules/cross-spawn/node_modules/semver/package.json,/aws-python-auth0-custom-authorizers-api/node_modules/jsonwebtoken/node_modules/semver/package.json,/aws-node-fullstack/backend/node_modules/cross-spawn/node_modules/semver/package.json,/aws-rust-simple-http-endpoint/node_modules/cross-spawn/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/serverless/node_modules/package-json/node_modules/semver/package.json,/aws-node-http-api-mongodb/node_modules/semver/package.json,/aws-node-rest-api-typescript/node_modules/semver-diff/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/normalize-package-data/node_modules/semver/package.json,/aws-node-auth0-custom-authorizers-api/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/serverless-azure-functions/node_modules/serverless-webpack/node_modules/semver/package.json,/aws-node-http-api-dynamodb-local/node_modules/semver/package.json,/aws-node-twilio-send-text-message/node_modules/semver/package.json,/azure-node-line-bot/node_modules/serverless-webpack/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/serverless/node_modules/semver-diff/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/ts-loader/node_modules/semver/package.json,/azure-node-telegram-bot/node_modules/serverless-webpack/node_modules/semver/package.json,/aws-node-typescript-sqs-standard/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/@serverless/enterprise-plugin/node_modules/package-json/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/@serverless/enterprise-plugin/node_modules/semver-diff/node_modules/semver/package.json,/aws-node-rest-api-typescript/node_modules/tslint/node_modules/semver/package.json,/aws-node-rest-api-typescript/node_modules/node-environment-flags/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/jsonwebtoken/node_modules/semver/package.json,/aws-python-auth0-custom-authorizers-api/node_modules/cross-spawn/node_modules/semver/package.json,/aws-node-rest-api-typescript-simple/node_modules/jsonwebtoken/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/semver/package.json,/aws-node-puppeteer/node_modules/jsonwebtoken/node_modules/semver/package.json
Path to dependency file: /aws-node-dynamic-image-resizer/package.json
Path to vulnerable library: /aws-node-dynamic-image-resizer/node_modules/babel-loader/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/@serverless/enterprise-plugin/node_modules/semver/package.json,/aws-node-auth0-custom-authorizers-api/node_modules/@babel/helper-compilation-targets/node_modules/semver/package.json,/aws-golang-auth-examples/node_modules/semver/package.json,/aws-node-http-api-typescript/node_modules/semver/package.json,/aws-node-rest-api-typescript/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/configstore/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/serverless/node_modules/semver/package.json,/aws-node-http-api-dynamodb-local/node_modules/make-dir/node_modules/semver/package.json,/aws-node-auth0-custom-authorizers-api/node_modules/@babel/core/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/@serverless/core/node_modules/semver/package.json,/azure-node-telegram-bot/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/semver/package.json,/aws-node-typescript-sqs-standard/node_modules/eslint/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/@babel/core/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/istanbul-lib-instrument/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/@babel/helper-compilation-targets/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/find-cache-dir/node_modules/semver/package.json,/aws-node-http-api-dynamodb-local/node_modules/semver-diff/node_modules/semver/package.json,/aws-node-typescript-nest/node_modules/serverless-offline/node_modules/semver-diff/node_modules/semver/package.json,/aws-node-typescript-nest/node_modules/serverless-offline/node_modules/make-dir/node_modules/semver/package.json,/aws-node-puppeteer/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/babel-plugin-polyfill-corejs2/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/eslint/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/@serverless/enterprise-plugin/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/@serverless/core/node_modules/semver/package.json,/aws-node-typescript-kinesis/node_modules/eslint/node_modules/semver/package.json,/aws-node-rest-api-with-dynamodb-and-offline/node_modules/make-dir/node_modules/semver/package.json,/aws-node-rest-api-with-dynamodb-and-offline/node_modules/package-json/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/semver-diff/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/@babel/helper-define-polyfill-provider/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/@babel/preset-env/node_modules/semver/package.json,/aws-node-http-api-dynamodb-local/node_modules/package-json/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/package-json/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/package-json/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/serverless/node_modules/semver/package.json,/aws-python-auth0-custom-authorizers-api/node_modules/semver/package.json,/aws-node-rest-api-with-dynamodb-and-offline/node_modules/semver-diff/node_modules/semver/package.json,/aws-golang-dynamo-stream-to-elasticsearch/node_modules/semver/package.json,/aws-rust-simple-http-endpoint/node_modules/semver/package.json,/aws-node-typescript-nest/node_modules/serverless-offline/node_modules/package-json/node_modules/semver/package.json,/azure-node-line-bot/node_modules/semver/package.json,/aws-node-rest-api-typescript-simple/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/@babel/plugin-transform-runtime/node_modules/semver/package.json
Path to dependency file: /aws-golang-auth-examples/package.json
Path to vulnerable library: /aws-golang-auth-examples/node_modules/@serverless/components/node_modules/semver/package.json,/aws-node-sqs-worker/node_modules/@aws-cdk/cloud-assembly-schema/node_modules/semver/package.json,/aws-node-rest-api-typescript-simple/node_modules/serverless/node_modules/@serverless/components/node_modules/semver/package.json,/aws-ruby-sqs-with-dynamodb/src/node_modules/@aws-cdk/cx-api/node_modules/semver/package.json,/aws-ruby-sqs-with-dynamodb/src/node_modules/@aws-cdk/cloud-assembly-schema/node_modules/semver/package.json,/aws-node-http-api-typescript/node_modules/update-notifier/node_modules/semver/package.json,/aws-python-sqs-worker/node_modules/@aws-cdk/cx-api/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/@nuxt/cli/node_modules/semver/package.json,/aws-node-s3-file-replicator/node_modules/@aws-cdk/cx-api/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/serverless/node_modules/@serverless/components/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/css-loader/node_modules/semver/package.json,/aws-node-sqs-worker/node_modules/@aws-cdk/cx-api/node_modules/semver/package.json,/aws-node-http-api-dynamodb-local/node_modules/update-notifier/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/@nuxt/webpack/node_modules/semver/package.json,/aws-node-rest-api-with-dynamodb-and-offline/node_modules/update-notifier/node_modules/semver/package.json,/aws-python-sqs-worker/node_modules/@aws-cdk/cloud-assembly-schema/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/@npmcli/fs/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/@nuxt/utils/node_modules/semver/package.json,/aws-node-typescript-nest/node_modules/serverless-offline/node_modules/semver/package.json,/aws-node-http-api-typescript/node_modules/@serverless/components/node_modules/semver/package.json,/aws-rust-simple-http-endpoint/node_modules/serverless/node_modules/@serverless/components/node_modules/semver/package.json,/aws-node-rest-api-typescript-simple/node_modules/serverless-offline/node_modules/semver/package.json,/aws-node-http-api-typescript/node_modules/serverless-offline/node_modules/semver/package.json,/aws-node-s3-file-replicator/node_modules/semver/package.json,/aws-golang-dynamo-stream-to-elasticsearch/node_modules/serverless/node_modules/@serverless/components/node_modules/semver/package.json,/aws-node-rest-api-typescript-simple/node_modules/update-notifier/node_modules/semver/package.json,/aws-node-rest-api-with-dynamodb-and-offline/node_modules/serverless-offline/node_modules/semver/package.json,/aws-node-puppeteer/node_modules/superagent/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/serverless-webpack/node_modules/semver/package.json,/aws-node-fullstack/backend/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/@nuxt/components/node_modules/semver/package.json,/aws-node-http-api-dynamodb-local/node_modules/serverless-offline/node_modules/semver/package.json,/aws-ruby-sqs-with-dynamodb/node_modules/semver/package.json,/aws-python-auth0-custom-authorizers-api/node_modules/serverless/node_modules/@serverless/components/node_modules/semver/package.json,/aws-node-s3-file-replicator/node_modules/@aws-cdk/cloud-assembly-schema/node_modules/semver/package.json
Path to dependency file: /aws-node-mongodb-atlas/package.json
Path to vulnerable library: /aws-node-mongodb-atlas/node_modules/semver/package.json,/aws-node-typescript-nest/node_modules/semver/package.json,/aws-dotnet-rest-api-with-dynamodb/src/DotNetServerless.Lambda/node_modules/semver/package.json,/aws-node-fullstack/frontend/package.json,/aws-node-fullstack/frontend/node_modules/semver/package.json,/aws-node-github-check/node_modules/semver/package.json
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
CVE-2022-25883 - High Severity Vulnerability
semver-4.3.2.tgz
The semantic version parser used by npm.
Library home page: https://registry.npmjs.org/semver/-/semver-4.3.2.tgz
Path to dependency file: /aws-node-graphql-and-rds/package.json
Path to vulnerable library: /aws-node-graphql-and-rds/node_modules/pg/node_modules/semver/package.json,/aws-node-heroku-postgres/node_modules/semver/package.json
Dependency Hierarchy: - pg-7.11.0.tgz (Root Library) - :x: **semver-4.3.2.tgz** (Vulnerable Library)
semver-5.7.0.tgz
The semantic version parser used by npm.
Library home page: https://registry.npmjs.org/semver/-/semver-5.7.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/semver/package.json,/aws-node-typescript-sqs-standard/package.json
Dependency Hierarchy: - eslint-5.15.3.tgz (Root Library) - :x: **semver-5.7.0.tgz** (Vulnerable Library)
semver-5.0.3.tgz
The semantic version parser used by npm.
Library home page: https://registry.npmjs.org/semver/-/semver-5.0.3.tgz
Path to dependency file: /aws-node-oauth-dropbox-api/package.json
Path to vulnerable library: /aws-node-oauth-dropbox-api/node_modules/agent-base/node_modules/semver/package.json,/aws-node-signed-uploads/node_modules/agent-base/node_modules/semver/package.json
Dependency Hierarchy: - serverless-1.27.3.tgz (Root Library) - https-proxy-agent-1.0.0.tgz - agent-base-2.1.1.tgz - :x: **semver-5.0.3.tgz** (Vulnerable Library)
semver-5.5.0.tgz
The semantic version parser used by npm.
Library home page: https://registry.npmjs.org/semver/-/semver-5.5.0.tgz
Dependency Hierarchy: - react-scripts-2.1.8.tgz (Root Library) - fsevents-1.2.4.tgz - node-pre-gyp-0.10.0.tgz - :x: **semver-5.5.0.tgz** (Vulnerable Library)
semver-7.0.0.tgz
The semantic version parser used by npm.
Library home page: https://registry.npmjs.org/semver/-/semver-7.0.0.tgz
Path to dependency file: /aws-node-dynamic-image-resizer/package.json
Path to vulnerable library: /aws-node-dynamic-image-resizer/node_modules/core-js-compat/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/core-js-compat/node_modules/semver/package.json
Dependency Hierarchy: - nuxt-2.15.8.tgz (Root Library) - babel-preset-app-2.15.8.tgz - core-js-compat-3.19.1.tgz - :x: **semver-7.0.0.tgz** (Vulnerable Library)
semver-7.3.2.tgz
The semantic version parser used by npm.
Library home page: https://registry.npmjs.org/semver/-/semver-7.3.2.tgz
Path to dependency file: /aws-node-typescript-apollo-lambda/package.json
Path to vulnerable library: /aws-node-typescript-apollo-lambda/node_modules/serverless-offline/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/@typescript-eslint/typescript-estree/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/serverless-offline/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/ts-jest/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/eslint/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/@typescript-eslint/eslint-plugin/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/serverless/node_modules/@serverless/components/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/serverless-webpack/node_modules/semver/package.json
Dependency Hierarchy: - serverless-offline-6.8.0.tgz (Root Library) - :x: **semver-7.3.2.tgz** (Vulnerable Library)
semver-5.7.1.tgz
The semantic version parser used by npm.
Library home page: https://registry.npmjs.org/semver/-/semver-5.7.1.tgz
Path to dependency file: /aws-node-vue-nuxt-ssr/package.json
Path to vulnerable library: /aws-node-vue-nuxt-ssr/node_modules/webpack/node_modules/semver/package.json,/aws-node-rest-api-mongodb/node_modules/semver/package.json,/aws-node-typescript-kinesis/node_modules/semver/package.json,/aws-node-http-api-typescript/node_modules/jsonwebtoken/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/jsonwebtoken/node_modules/semver/package.json,/google-golang-simple-http-endpoint/node_modules/semver/package.json,/aws-python-auth0-custom-authorizers-api/node_modules/@babel/register/node_modules/semver/package.json,/aws-node-typescript-rest-api-with-dynamodb/node_modules/semver/package.json,/aws-golang-auth-examples/node_modules/cross-spawn/node_modules/semver/package.json,/aws-python-auth0-custom-authorizers-api/node_modules/find-cache-dir/node_modules/semver/package.json,/aws-node-signed-uploads/node_modules/semver/package.json,/aws-node-http-api-typescript/node_modules/cross-spawn/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/hard-source-webpack-plugin/node_modules/semver/package.json,/aws-node-http-api-typescript-dynamodb/node_modules/semver/package.json,/azure-node-telegram-bot/node_modules/normalize-package-data/node_modules/semver/package.json,/aws-node-rest-api-typescript/node_modules/jsonwebtoken/node_modules/semver/package.json,/google-node-simple-http-endpoint/node_modules/semver/package.json,/azure-node-line-bot/node_modules/normalize-package-data/node_modules/semver/package.json,/aws-node-rest-api-with-dynamodb-and-offline/node_modules/semver/package.json,/google-python-simple-http-endpoint/node_modules/semver/package.json,/aws-golang-dynamo-stream-to-elasticsearch/node_modules/cross-spawn/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/find-cache-dir/node_modules/semver/package.json,/aws-node-puppeteer/node_modules/semver-diff/node_modules/semver/package.json,/aws-node-rest-api-typescript-simple/node_modules/cross-spawn/node_modules/semver/package.json,/aws-python-auth0-custom-authorizers-api/node_modules/jsonwebtoken/node_modules/semver/package.json,/aws-node-fullstack/backend/node_modules/cross-spawn/node_modules/semver/package.json,/aws-rust-simple-http-endpoint/node_modules/cross-spawn/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/serverless/node_modules/package-json/node_modules/semver/package.json,/aws-node-http-api-mongodb/node_modules/semver/package.json,/aws-node-rest-api-typescript/node_modules/semver-diff/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/normalize-package-data/node_modules/semver/package.json,/aws-node-auth0-custom-authorizers-api/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/serverless-azure-functions/node_modules/serverless-webpack/node_modules/semver/package.json,/aws-node-http-api-dynamodb-local/node_modules/semver/package.json,/aws-node-twilio-send-text-message/node_modules/semver/package.json,/azure-node-line-bot/node_modules/serverless-webpack/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/serverless/node_modules/semver-diff/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/ts-loader/node_modules/semver/package.json,/azure-node-telegram-bot/node_modules/serverless-webpack/node_modules/semver/package.json,/aws-node-typescript-sqs-standard/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/@serverless/enterprise-plugin/node_modules/package-json/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/@serverless/enterprise-plugin/node_modules/semver-diff/node_modules/semver/package.json,/aws-node-rest-api-typescript/node_modules/tslint/node_modules/semver/package.json,/aws-node-rest-api-typescript/node_modules/node-environment-flags/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/jsonwebtoken/node_modules/semver/package.json,/aws-python-auth0-custom-authorizers-api/node_modules/cross-spawn/node_modules/semver/package.json,/aws-node-rest-api-typescript-simple/node_modules/jsonwebtoken/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/semver/package.json,/aws-node-puppeteer/node_modules/jsonwebtoken/node_modules/semver/package.json
Dependency Hierarchy: - nuxt-2.15.8.tgz (Root Library) - webpack-2.15.8.tgz - webpack-4.46.0.tgz - terser-webpack-plugin-1.4.5.tgz - find-cache-dir-2.1.0.tgz - make-dir-2.1.0.tgz - :x: **semver-5.7.1.tgz** (Vulnerable Library)
semver-6.3.0.tgz
The semantic version parser used by npm.
Library home page: https://registry.npmjs.org/semver/-/semver-6.3.0.tgz
Path to dependency file: /aws-node-dynamic-image-resizer/package.json
Path to vulnerable library: /aws-node-dynamic-image-resizer/node_modules/babel-loader/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/@serverless/enterprise-plugin/node_modules/semver/package.json,/aws-node-auth0-custom-authorizers-api/node_modules/@babel/helper-compilation-targets/node_modules/semver/package.json,/aws-golang-auth-examples/node_modules/semver/package.json,/aws-node-http-api-typescript/node_modules/semver/package.json,/aws-node-rest-api-typescript/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/configstore/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/serverless/node_modules/semver/package.json,/aws-node-http-api-dynamodb-local/node_modules/make-dir/node_modules/semver/package.json,/aws-node-auth0-custom-authorizers-api/node_modules/@babel/core/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/@serverless/core/node_modules/semver/package.json,/azure-node-telegram-bot/node_modules/semver/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/semver/package.json,/aws-node-typescript-sqs-standard/node_modules/eslint/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/@babel/core/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/istanbul-lib-instrument/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/@babel/helper-compilation-targets/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/find-cache-dir/node_modules/semver/package.json,/aws-node-http-api-dynamodb-local/node_modules/semver-diff/node_modules/semver/package.json,/aws-node-typescript-nest/node_modules/serverless-offline/node_modules/semver-diff/node_modules/semver/package.json,/aws-node-typescript-nest/node_modules/serverless-offline/node_modules/make-dir/node_modules/semver/package.json,/aws-node-puppeteer/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/babel-plugin-polyfill-corejs2/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/eslint/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/@serverless/enterprise-plugin/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/@serverless/core/node_modules/semver/package.json,/aws-node-typescript-kinesis/node_modules/eslint/node_modules/semver/package.json,/aws-node-rest-api-with-dynamodb-and-offline/node_modules/make-dir/node_modules/semver/package.json,/aws-node-rest-api-with-dynamodb-and-offline/node_modules/package-json/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/semver-diff/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/@babel/helper-define-polyfill-provider/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/@babel/preset-env/node_modules/semver/package.json,/aws-node-http-api-dynamodb-local/node_modules/package-json/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/package-json/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/semver/package.json,/aws-node-typescript-apollo-lambda/node_modules/package-json/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/serverless/node_modules/semver/package.json,/aws-python-auth0-custom-authorizers-api/node_modules/semver/package.json,/aws-node-rest-api-with-dynamodb-and-offline/node_modules/semver-diff/node_modules/semver/package.json,/aws-golang-dynamo-stream-to-elasticsearch/node_modules/semver/package.json,/aws-rust-simple-http-endpoint/node_modules/semver/package.json,/aws-node-typescript-nest/node_modules/serverless-offline/node_modules/package-json/node_modules/semver/package.json,/azure-node-line-bot/node_modules/semver/package.json,/aws-node-rest-api-typescript-simple/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/@babel/plugin-transform-runtime/node_modules/semver/package.json
Dependency Hierarchy: - eslint-6.6.0.tgz (Root Library) - :x: **semver-6.3.0.tgz** (Vulnerable Library)
semver-7.3.5.tgz
The semantic version parser used by npm.
Library home page: https://registry.npmjs.org/semver/-/semver-7.3.5.tgz
Path to dependency file: /aws-golang-auth-examples/package.json
Path to vulnerable library: /aws-golang-auth-examples/node_modules/@serverless/components/node_modules/semver/package.json,/aws-node-sqs-worker/node_modules/@aws-cdk/cloud-assembly-schema/node_modules/semver/package.json,/aws-node-rest-api-typescript-simple/node_modules/serverless/node_modules/@serverless/components/node_modules/semver/package.json,/aws-ruby-sqs-with-dynamodb/src/node_modules/@aws-cdk/cx-api/node_modules/semver/package.json,/aws-ruby-sqs-with-dynamodb/src/node_modules/@aws-cdk/cloud-assembly-schema/node_modules/semver/package.json,/aws-node-http-api-typescript/node_modules/update-notifier/node_modules/semver/package.json,/aws-python-sqs-worker/node_modules/@aws-cdk/cx-api/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/@nuxt/cli/node_modules/semver/package.json,/aws-node-s3-file-replicator/node_modules/@aws-cdk/cx-api/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/serverless/node_modules/@serverless/components/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/css-loader/node_modules/semver/package.json,/aws-node-sqs-worker/node_modules/@aws-cdk/cx-api/node_modules/semver/package.json,/aws-node-http-api-dynamodb-local/node_modules/update-notifier/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/@nuxt/webpack/node_modules/semver/package.json,/aws-node-rest-api-with-dynamodb-and-offline/node_modules/update-notifier/node_modules/semver/package.json,/aws-python-sqs-worker/node_modules/@aws-cdk/cloud-assembly-schema/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/@npmcli/fs/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/@nuxt/utils/node_modules/semver/package.json,/aws-node-typescript-nest/node_modules/serverless-offline/node_modules/semver/package.json,/aws-node-http-api-typescript/node_modules/@serverless/components/node_modules/semver/package.json,/aws-rust-simple-http-endpoint/node_modules/serverless/node_modules/@serverless/components/node_modules/semver/package.json,/aws-node-rest-api-typescript-simple/node_modules/serverless-offline/node_modules/semver/package.json,/aws-node-http-api-typescript/node_modules/serverless-offline/node_modules/semver/package.json,/aws-node-s3-file-replicator/node_modules/semver/package.json,/aws-golang-dynamo-stream-to-elasticsearch/node_modules/serverless/node_modules/@serverless/components/node_modules/semver/package.json,/aws-node-rest-api-typescript-simple/node_modules/update-notifier/node_modules/semver/package.json,/aws-node-rest-api-with-dynamodb-and-offline/node_modules/serverless-offline/node_modules/semver/package.json,/aws-node-puppeteer/node_modules/superagent/node_modules/semver/package.json,/aws-node-dynamic-image-resizer/node_modules/serverless-webpack/node_modules/semver/package.json,/aws-node-fullstack/backend/node_modules/semver/package.json,/aws-node-vue-nuxt-ssr/node_modules/@nuxt/components/node_modules/semver/package.json,/aws-node-http-api-dynamodb-local/node_modules/serverless-offline/node_modules/semver/package.json,/aws-ruby-sqs-with-dynamodb/node_modules/semver/package.json,/aws-python-auth0-custom-authorizers-api/node_modules/serverless/node_modules/@serverless/components/node_modules/semver/package.json,/aws-node-s3-file-replicator/node_modules/@aws-cdk/cloud-assembly-schema/node_modules/semver/package.json
Dependency Hierarchy: - nuxt-2.15.8.tgz (Root Library) - webpack-2.15.8.tgz - :x: **semver-7.3.5.tgz** (Vulnerable Library)
semver-5.6.0.tgz
The semantic version parser used by npm.
Library home page: https://registry.npmjs.org/semver/-/semver-5.6.0.tgz
Path to dependency file: /aws-node-mongodb-atlas/package.json
Path to vulnerable library: /aws-node-mongodb-atlas/node_modules/semver/package.json,/aws-node-typescript-nest/node_modules/semver/package.json,/aws-dotnet-rest-api-with-dynamodb/src/DotNetServerless.Lambda/node_modules/semver/package.json,/aws-node-fullstack/frontend/package.json,/aws-node-fullstack/frontend/node_modules/semver/package.json,/aws-node-github-check/node_modules/semver/package.json
Dependency Hierarchy: - react-scripts-2.1.8.tgz (Root Library) - webpack-dev-server-3.1.14.tgz - chokidar-2.1.2.tgz - fsevents-1.2.7.tgz - node-pre-gyp-0.10.3.tgz - :x: **semver-5.6.0.tgz** (Vulnerable Library)
Found in base branch: master
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Publish Date: 2023-06-21
URL: CVE-2022-25883
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
Release Date: 2023-06-21
Fix Resolution (semver): 5.7.2
Direct dependency fix Resolution (pg): 8.4.0
Fix Resolution (semver): 5.7.2
Direct dependency fix Resolution (eslint): 7.0.0
Fix Resolution (semver): 5.7.2
Direct dependency fix Resolution (serverless): 4.0.0
Fix Resolution (semver): 5.7.2
Direct dependency fix Resolution (react-scripts): 5.0.0
Fix Resolution (semver): 5.7.2
Direct dependency fix Resolution (nuxt): 3.0.0
Fix Resolution (semver): 5.7.2
Direct dependency fix Resolution (serverless-offline): 10.2.1
Fix Resolution (semver): 5.7.2
Direct dependency fix Resolution (nuxt): 3.0.0
Fix Resolution (semver): 5.7.2
Direct dependency fix Resolution (eslint): 7.0.0
Fix Resolution (semver): 5.7.2
Direct dependency fix Resolution (nuxt): 3.0.0
Fix Resolution (semver): 5.7.2
Direct dependency fix Resolution (react-scripts): 5.0.0
Step up your Open Source Security Game with Mend here