itsKedar / TodoList_mern

CX: CVE-2022-1650 in Npm-eventsource and 1.0.7 @ TodoList_mern.main #26

Open itsKedar opened 2 years ago

itsKedar commented 2 years ago

Description

Exposure of Sensitive Information to an Unauthorized Actor in eventsource before 1.1.1 and 2.0.x before 2.0.2.

HIGH Vulnerable Package issue exists @ eventsource in branch main

Vulnerability ID: CVE-2022-1650

Package Name: eventsource

Severity: HIGH

CVSS Score: 9.3

Publish Date: 2022-05-12T11:15:00

Current Package Version: 1.0.7

Remediation Upgrade Recommendation: 1.1.1

Link To SCA

Reference – NVD link