Serverless Examples – A collection of boilerplates and examples of serverless architectures built with the Serverless Framework on AWS Lambda, Microsoft Azure, Google Cloud Functions, and more.
Path to dependency file: /azure-node-telegram-bot/package.json
Path to vulnerable library: /azure-node-telegram-bot/node_modules/es5-ext/package.json,/aws-node-dynamic-image-resizer/node_modules/es5-ext/package.json,/aws-node-rest-api-typescript-simple/node_modules/es5-ext/package.json,/aws-rust-simple-http-endpoint/node_modules/es5-ext/package.json,/aws-node-typescript-apollo-lambda/node_modules/es5-ext/package.json,/google-node-typescript-http-endpoint/node_modules/es5-ext/package.json,/aws-golang-dynamo-stream-to-elasticsearch/node_modules/es5-ext/package.json,/aws-node-fullstack/backend/node_modules/es5-ext/package.json,/aws-node-typescript-nest/node_modules/es5-ext/package.json,/aws-node-http-api-typescript/node_modules/es5-ext/package.json,/aws-python-auth0-custom-authorizers-api/node_modules/es5-ext/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/es5-ext/package.json,/aws-golang-auth-examples/node_modules/es5-ext/package.json,/azure-node-line-bot/node_modules/es5-ext/package.json
es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63.
CVE-2024-27088 - Low Severity Vulnerability
ECMAScript extensions and shims
Library home page: https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.53.tgz
Path to dependency file: /azure-node-telegram-bot/package.json
Path to vulnerable library: /azure-node-telegram-bot/node_modules/es5-ext/package.json,/aws-node-dynamic-image-resizer/node_modules/es5-ext/package.json,/aws-node-rest-api-typescript-simple/node_modules/es5-ext/package.json,/aws-rust-simple-http-endpoint/node_modules/es5-ext/package.json,/aws-node-typescript-apollo-lambda/node_modules/es5-ext/package.json,/google-node-typescript-http-endpoint/node_modules/es5-ext/package.json,/aws-golang-dynamo-stream-to-elasticsearch/node_modules/es5-ext/package.json,/aws-node-fullstack/backend/node_modules/es5-ext/package.json,/aws-node-typescript-nest/node_modules/es5-ext/package.json,/aws-node-http-api-typescript/node_modules/es5-ext/package.json,/aws-python-auth0-custom-authorizers-api/node_modules/es5-ext/package.json,/azure-node-typescript-servicebus-trigger-endpoint/node_modules/es5-ext/package.json,/aws-golang-auth-examples/node_modules/es5-ext/package.json,/azure-node-line-bot/node_modules/es5-ext/package.json
Dependency Hierarchy: - serverless-1.83.3.tgz (Root Library) - ncjsm-4.2.0.tgz - :x: **es5-ext-0.10.53.tgz** (Vulnerable Library)
Found in HEAD commit: dcbe4aefe4b3685f4b15493a01db0f19b118a0c4
Found in base branch: master
es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63.
Publish Date: 2024-02-26
URL: CVE-2024-27088
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: High - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-27088
Release Date: 2024-02-26
Fix Resolution (es5-ext): 0.10.63
Direct dependency fix Resolution (serverless): 2.0.0-05627d62
Step up your Open Source Security Game with Mend here