search

rsoreq / zenbot

Zenbot is a command-line cryptocurrency trading bot using Node.js and MongoDB.
MIT License
0 stars 0 forks source link

shelljs-0.8.4.tgz: 1 vulnerabilities (highest severity is: 6.9) - autoclosed #862

Closed mend-for-github-com[bot] closed 6 months ago

mend-for-github-com[bot] commented 1 year ago
Vulnerable Library - shelljs-0.8.4.tgz

Portable Unix shell commands for Node.js

Library home page: https://registry.npmjs.org/shelljs/-/shelljs-0.8.4.tgz

Path to dependency file: /scripts/auto_backtester/package.json

Path to vulnerable library: /scripts/auto_backtester/node_modules/shelljs/package.json,/scripts/genetic_backtester/node_modules/shelljs/package.json

Found in HEAD commit: 7f99c836ea749efa113ef0ccdc60bfe4cbbfa856

Vulnerabilities

CVE Severity CVSS Exploit Maturity EPSS Dependency Type Fixed in (shelljs version) Remediation Possible** Reachability
CVE-2022-0144 Medium 6.9 Not Defined 0.0% shelljs-0.8.4.tgz Direct 0.8.5

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-0144 ### Vulnerable Library - shelljs-0.8.4.tgz

Portable Unix shell commands for Node.js

Library home page: https://registry.npmjs.org/shelljs/-/shelljs-0.8.4.tgz

Path to dependency file: /scripts/auto_backtester/package.json

Path to vulnerable library: /scripts/auto_backtester/node_modules/shelljs/package.json,/scripts/genetic_backtester/node_modules/shelljs/package.json

Dependency Hierarchy: - :x: **shelljs-0.8.4.tgz** (Vulnerable Library)

Found in HEAD commit: 7f99c836ea749efa113ef0ccdc60bfe4cbbfa856

Found in base branch: unstable

### Vulnerability Details

shelljs is vulnerable to Improper Privilege Management

Publish Date: 2022-01-11

URL: CVE-2022-0144

### Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

### CVSS 4 Score Details (6.9)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: N/A - Impact Metrics: - Confidentiality Impact: N/A - Integrity Impact: N/A - Availability Impact: N/A

For more information on CVSS4 Scores, click here.

### Suggested Fix

Type: Upgrade version

Release Date: 2022-01-11

Fix Resolution: 0.8.5

In order to enable automatic remediation, please create workflow rules

In order to enable automatic remediation for this issue, please create workflow rules

mend-for-github-com[bot] commented 6 months ago

:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #927