request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via npm audit fix
node_modules/request
semver 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via npm audit fix
node_modules/@npmcli/fs/node_modules/semver
shankiflang
commented
4 months ago
Debugger attached.
npm audit report
lodash <=4.17.20 Severity: high Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9 No fix available node_modules/coinbase-commerce-node/node_modules/lodash coinbase-commerce-node * Depends on vulnerable versions of lodash Depends on vulnerable versions of request node_modules/coinbase-commerce-node
qs 6.5.0 - 6.5.2 Severity: high qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp fix available via
npm audit fixnode_modules/request/node_modules/qsrequest * Severity: moderate Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6 Depends on vulnerable versions of tough-cookie fix available via
npm audit fixnode_modules/requestsemver 7.0.0 - 7.5.1 Severity: moderate semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw fix available via
npm audit fixnode_modules/@npmcli/fs/node_modules/semvertough-cookie <4.1.3 Severity: moderate tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3 fix available via
npm audit fixnode_modules/tough-cookie6 vulnerabilities (3 moderate, 3 high)
To address issues that do not require attention, run: npm audit fix
Some issues need review, and may require choosing a different dependency.