Closed mdebarros closed 3 years ago
Audit issues that have been ignored:
--------------------------------------------------
yargs-parser needs your attention.
[ low ] Prototype Pollution
vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2 found in:
- dependencies: @mojaloop/central-ledger>@mojaloop/central-services-shared>widdershins>yargs>yargs-parser
- dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser
Risk: Minimal
Impact: Only impacts the /documents end-point.
--------------------------------------------------
sanitize-html needs your attention.
[ moderate ] Improper Input Validation
vulnerable versions <2.3.1 found in:
- dependencies: @mojaloop/central-ledger>@mojaloop/central-services-shared>shins>sanitize-html
- dependencies: @mojaloop/central-services-shared>shins>sanitize-html
[ moderate ] Improper Input Validation
vulnerable versions <2.3.2 found in:
- dependencies: @mojaloop/central-ledger>@mojaloop/central-services-shared>shins>sanitize-html
- dependencies: @mojaloop/central-services-shared>shins>sanitize-html
Risk: Minimal
Impact: Only impacts the /documents end-point.
--------------------------------------------------
glob-parent needs your attention.
[ moderate ] Regular expression denial of service
vulnerable versions <5.1.2 found in:
- dependencies: @mojaloop/central-ledger>require-glob>glob-parent
Risk: Minimal
Impact: Only impacts the loading of routes/configs on service startup/bootstrap.
--------------------------------------------------
hosted-git-info needs your attention.
[ moderate ] Regular Expression Denial of Service
vulnerable versions <2.8.9 || >=3.0.0 <3.0.8 found in:
- dependencies: @mojaloop/central-ledger>npm-run-all>read-pkg>normalize-package-data>hosted-git-info
Risk: Minimal
Impact: Only impacts NPM scripts.