As part of our image scanning we found that the latest JsPolicy (0.2.2) has several unaddressed CVEs
CVE ID: CVE-2023-26604, CVE-2023-50387
Vulnerabilities in libudev1
CVE-2023-42282 (MITRE NIST) Server-Side Request Forgery (SSRF) Vulnerability in ip 2.0.0
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
CVE-2022-37434 (MITRE NIST) Out-of-bounds Write Vulnerability in zlib 1.2.11
CVE-2023-45853 (MITRE NIST) Integer Overflow or Wraparound Vulnerability in zlib 1.2.11
CVE-2021-4279 (MITRE NIST) Vulnerability in jsonpatch 2.2.0
CVE-2023-28154 (MITRE NIST) Vulnerability in webpack 5.75.0