search

turkdevops / vuepress

📝 Minimalistic Vue-powered static site generator
https://vuepress.vuejs.org
MIT License
1 stars 0 forks source link

CVE-2021-3807 (Medium) detected in ansi-regex-3.0.0.tgz, ansi-regex-4.0.0.tgz - autoclosed #405

Closed mend-bolt-for-github[bot] closed 3 years ago

mend-bolt-for-github[bot] commented 3 years ago

CVE-2021-3807 - Medium Severity Vulnerability

Vulnerable Libraries - ansi-regex-3.0.0.tgz, ansi-regex-4.0.0.tgz

ansi-regex-3.0.0.tgz

Regular expression for matching ANSI escape codes

Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz

Path to dependency file: vuepress/package.json

Path to vulnerable library: vuepress/node_modules/ansi-regex/package.json

Dependency Hierarchy: - lint-staged-7.3.0.tgz (Root Library) - jest-validate-23.6.0.tgz - pretty-format-23.6.0.tgz - :x: **ansi-regex-3.0.0.tgz** (Vulnerable Library)

ansi-regex-4.0.0.tgz

Regular expression for matching ANSI escape codes

Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.0.0.tgz

Path to dependency file: vuepress/package.json

Path to vulnerable library: vuepress/node_modules/ansi-regex/package.json

Dependency Hierarchy: - inquirer-6.2.2.tgz (Root Library) - strip-ansi-5.0.0.tgz - :x: **ansi-regex-4.0.0.tgz** (Vulnerable Library)

Found in HEAD commit: c92c6e92210e5c9ecdbb18cd5aae9ee4bea21b00

Found in base branch: public-files-with-tests

Vulnerability Details

ansi-regex is vulnerable to Inefficient Regular Expression Complexity

Publish Date: 2021-09-17

URL: CVE-2021-3807

CVSS 3 Score Details (5.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: N/A - Attack Complexity: N/A - Privileges Required: N/A - User Interaction: N/A - Scope: N/A - Impact Metrics: - Confidentiality Impact: N/A - Integrity Impact: N/A - Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/

Release Date: 2021-09-17

Fix Resolution: ansi-regex - 5.0.1,6.0.1

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github[bot] commented 3 years ago

:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #406

mend-bolt-for-github[bot] commented 3 years ago

:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #406