cesko-digital / nasi-politici

Největší otevřená databáze českých politiků a političek. Zjistěte si, kdo vám vládne.
https://www.nasipolitici.cz
MIT License
20 stars 7 forks source link

[Snyk] Fix for 33 vulnerabilities #159

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
medium severity 616/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.9
Server-Side Request Forgery (SSRF)
SNYK-JS-AXIOS-1038255
No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-1579269
No Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-CSSWHAT-1298035
Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905
Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-IMMER-1019369
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905
Yes Proof of Concept
high severity 681/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.2
Command Injection
SNYK-JS-LODASH-1040724
Yes Proof of Concept
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3
Prototype Pollution
SNYK-JS-LODASH-567746
Yes Proof of Concept
critical severity 704/1000
Why? Has a fix available, CVSS 9.8
Prototype Pollution
SNYK-JS-LODASH-590103
Yes No Known Exploit
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-LODASH-608086
Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-NTHCHECK-1586032
Yes No Known Exploit
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-OBJECTPATH-1017036
No Proof of Concept
medium severity 494/1000
Why? Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-OBJECTPATH-1569453
No No Known Exploit
high severity 590/1000
Why? Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-OBJECTPATH-1585658
No No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1090595
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1255640
Yes Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Command Injection
SNYK-JS-REACTDEVUTILS-1083268
Yes Proof of Concept
high severity 619/1000
Why? Has a fix available, CVSS 8.1
Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-536840
No No Known Exploit
high severity 706/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.7
Arbitrary Code Injection
SNYK-JS-SERIALIZEJAVASCRIPT-570062
No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Denial of Service (DoS)
SNYK-JS-SOCKJS-575261
No Proof of Concept
high severity 624/1000
Why? Has a fix available, CVSS 8.2
Arbitrary File Overwrite
SNYK-JS-TAR-1536528
Yes No Known Exploit
high severity 624/1000
Why? Has a fix available, CVSS 8.2
Arbitrary File Overwrite
SNYK-JS-TAR-1536531
Yes No Known Exploit
low severity 410/1000
Why? Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758
Yes No Known Exploit
high severity 639/1000
Why? Has a fix available, CVSS 8.5
Arbitrary File Write
SNYK-JS-TAR-1579147
Yes No Known Exploit
high severity 639/1000
Why? Has a fix available, CVSS 8.5
Arbitrary File Write
SNYK-JS-TAR-1579152
Yes No Known Exploit
high severity 639/1000
Why? Has a fix available, CVSS 8.5
Arbitrary File Write
SNYK-JS-TAR-1579155
Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-TRIMNEWLINES-1298042
Yes No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-XLSX-1311137
No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-XLSX-1311139
No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-XLSX-1311141
No Proof of Concept
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
SNYK-JS-XLSX-585898
No Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-YARGSPARSER-560381
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

With a Snyk patch:
Severity Priority Score (*) Issue Exploit Maturity
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3
Prototype Pollution
SNYK-JS-LODASH-567746
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic