search

mervick / aes-everywhere

Aes Everywhere - Cross Language AES 256 Encryption Library (Bash, Powershell, C#, Dart, GoLang, Java, JavaScript, Lua, PHP, Python, Ruby, Swift)
Other
485 stars 168 forks source link

Outdated dev dependencies #44

Open tomymehdi opened 1 week ago

tomymehdi commented 1 week ago

│ high │ Uncontrolled resource consumption in braces │ │ Package │ braces │ │ Patched in │ >=3.0.3 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt-browserify > watchify > chokidar > │ │ │ anymatch > micromatch > braces │ │ More info │ https://www.npmjs.com/advisories/1098094

│ high │ Uncontrolled resource consumption in braces │ │ Package │ braces │ │ Patched in │ >=3.0.3 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt-browserify > watchify > anymatch > │ │ │ micromatch > braces │ │ More info │ https://www.npmjs.com/advisories/1098094

│ high │ Uncontrolled resource consumption in braces │ │ Package │ braces │ │ Patched in │ >=3.0.3 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt-browserify > watchify > chokidar > │ │ │ braces │ │ More info │ https://www.npmjs.com/advisories/1098094

│ high │ Prototype Pollution in JSON5 via Parse Method │ │ Package │ json5 │ │ Patched in │ >=1.0.2 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > babelify > babel-core > json5 │ │ More info │ https://www.npmjs.com/advisories/1096543

│ high │ Uncontrolled Resource Consumption in trim-newlines │ │ Package │ trim-newlines │ │ Patched in │ >=3.0.1 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > dateformat > meow > trim-newlines │ │ More info │ https://www.npmjs.com/advisories/1095100

│ critical │ Arbitrary Code Execution in underscore │ │ Package │ underscore │ │ Patched in │ >=1.12.1 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > js-yaml > argparse > underscore │ │ More info │ https://www.npmjs.com/advisories/1095097

│ high │ minimatch ReDoS vulnerability │ │ Package │ minimatch │ │ Patched in │ >=3.0.5 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > load-grunt-tasks > multimatch > minimatch │ │ More info │ https://www.npmjs.com/advisories/1096485

│ high │ minimatch ReDoS vulnerability │ │ Package │ minimatch │ │ Patched in │ >=3.0.5 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > glob > minimatch │ │ More info │ https://www.npmjs.com/advisories/1096485

│ high │ minimatch ReDoS vulnerability │ │ Package │ minimatch │ │ Patched in │ >=3.0.5 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > minimatch │ │ More info │ https://www.npmjs.com/advisories/1096485

│ high │ minimatch ReDoS vulnerability │ │ Package │ minimatch │ │ Patched in │ >=3.0.5 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > findup-sync > glob > minimatch │ │ More info │ https://www.npmjs.com/advisories/1096485

│ high │ Regular Expression Denial of Service in minimatch │ │ Package │ minimatch │ │ Patched in │ >=3.0.2 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > load-grunt-tasks > multimatch > minimatch │ │ More info │ https://www.npmjs.com/advisories/1093710

│ high │ Regular Expression Denial of Service in minimatch │ │ Package │ minimatch │ │ Patched in │ >=3.0.2 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > glob > minimatch │ │ More info │ https://www.npmjs.com/advisories/1093710

│ high │ Regular Expression Denial of Service in minimatch │ │ Package │ minimatch │ │ Patched in │ >=3.0.2 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > minimatch │ │ More info │ https://www.npmjs.com/advisories/1093710

│ high │ Regular Expression Denial of Service in minimatch │ │ Package │ minimatch │ │ Patched in │ >=3.0.2 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > findup-sync > glob > minimatch │ │ More info │ https://www.npmjs.com/advisories/1093710

│ critical │ Prototype pollution in getobject │ │ Package │ getobject │ │ Patched in │ >=1.0.0 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > grunt-legacy-util > getobject │ │ More info │ https://www.npmjs.com/advisories/1093420

│ critical │ Prototype pollution in getobject │ │ Package │ getobject │ │ Patched in │ >=1.0.0 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > getobject │ │ More info │ https://www.npmjs.com/advisories/1093420

│ high │ Race Condition in Grunt │ │ Package │ grunt │ │ Patched in │ >=1.5.3 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt │ │ More info │ https://www.npmjs.com/advisories/1091643

│ high │ Arbitrary Code Execution in grunt │ │ Package │ grunt │ │ Patched in │ >=1.3.0 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt │ │ More info │ https://www.npmjs.com/advisories/1089836

│ high │ Code Injection in js-yaml │ │ Package │ js-yaml │ │ Patched in │ >=3.13.1 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > js-yaml │ │ More info │ https://www.npmjs.com/advisories/1095058

│ critical │ Prototype Pollution in lodash │ │ Package │ lodash │ │ Patched in │ >=4.17.12 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > lodash │ │ More info │ https://www.npmjs.com/advisories/1097140

│ critical │ Prototype Pollution in lodash │ │ Package │ lodash │ │ Patched in │ >=4.17.12 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > grunt-legacy-util > lodash │ │ More info │ https://www.npmjs.com/advisories/1097140

│ critical │ Prototype Pollution in lodash │ │ Package │ lodash │ │ Patched in │ >=4.17.12 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > grunt-legacy-log > lodash │ │ More info │ https://www.npmjs.com/advisories/1097140

│ critical │ Prototype Pollution in lodash │ │ Package │ lodash │ │ Patched in │ >=4.17.12 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > grunt-legacy-log > │ │ │ grunt-legacy-log-utils > lodash │ │ More info │ https://www.npmjs.com/advisories/1097140

│ critical │ Prototype Pollution in lodash │ │ Package │ lodash │ │ Patched in │ >=4.17.12 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > findup-sync > lodash │ │ More info │ https://www.npmjs.com/advisories/1097140

│ high │ Command Injection in lodash │ │ Package │ lodash │ │ Patched in │ >=4.17.21 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > lodash │ │ More info │ https://www.npmjs.com/advisories/1096996

│ high │ Command Injection in lodash │ │ Package │ lodash │ │ Patched in │ >=4.17.21 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > grunt-legacy-util > lodash │ │ More info │ https://www.npmjs.com/advisories/1096996

│ high │ Command Injection in lodash │ │ Package │ lodash │ │ Patched in │ >=4.17.21 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > grunt-legacy-log > lodash │ │ More info │ https://www.npmjs.com/advisories/1096996

│ high │ Command Injection in lodash │ │ Package │ lodash │ │ Patched in │ >=4.17.21 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > grunt-legacy-log > │ │ │ grunt-legacy-log-utils > lodash │ │ More info │ https://www.npmjs.com/advisories/1096996

│ high │ Command Injection in lodash │ │ Package │ lodash │ │ Patched in │ >=4.17.21 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > findup-sync > lodash │ │ More info │ https://www.npmjs.com/advisories/1096996

│ high │ Prototype Pollution in lodash │ │ Package │ lodash │ │ Patched in │ >=4.17.11 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > lodash │ │ More info │ https://www.npmjs.com/advisories/1094499

│ high │ Prototype Pollution in lodash │ │ Package │ lodash │ │ Patched in │ >=4.17.11 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > grunt-legacy-util > lodash │ │ More info │ https://www.npmjs.com/advisories/1094499

│ high │ Prototype Pollution in lodash │ │ Package │ lodash │ │ Patched in │ >=4.17.11 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > grunt-legacy-log > lodash │ │ More info │ https://www.npmjs.com/advisories/1094499

│ high │ Prototype Pollution in lodash │ │ Package │ lodash │ │ Patched in │ >=4.17.11 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > grunt-legacy-log > │ │ │ grunt-legacy-log-utils > lodash │ │ More info │ https://www.npmjs.com/advisories/1094499

│ high │ Prototype Pollution in lodash │ │ Package │ lodash │ │ Patched in │ >=4.17.11 │ │ Dependency of │ aes-everywhere │ │ Path │ aes-everywhere > grunt > findup-sync > lodash │ │ More info │ https://www.npmjs.com/advisories/1094499

mervick commented 1 week ago

Hello. I wanted to note that the flagged dependencies are all dev dependencies and don't impact the production build since we’re distributing a compiled version of the project. This means any potential vulnerabilities in those packages won’t affect end users.

While it's not critical, we can still address these in the next development cycle to ensure the environment stays up-to-date.

Screenshot from 2024-10-25 15-57-50