victorb / trymodule

➰ It's never been easier to try nodejs modules!

Multiple vulnerabilities in outdated packages #32

Open pumano opened 5 years ago

pumano commented 5 years ago

Currently trymodule contains 41 vulnerabilities (35 moderate, 6 high) due to packages that have not been updated. @victorb, please update the packages.

List of outdated packages with vulnerabilities:

Severity: Moderate
Type: ReDoS
Package brace-expansion
Patched in >=1.1.7
Dependency of trymodule
Path trymodule > npmi > npm > fs-vacuum > rimraf > glob > minimatch > brace-expansion
Path trymodule > npmi > npm > fstream-npm > fstream-ignore > minimatch > brace-expansion
Path trymodule > npmi > npm > node-gyp > fstream > rimraf > glob > minimatch > brace-expansion
More info https://nodesecurity.io/advisories/338

Severity: Moderate
Type: Prototype pollution
Package hoek
Patched in > 4.2.0 < 5.0.0 || >= 5.0.3
Dependency of trymodule
Path trymodule > npmi > npm > node-gyp > request > hawk > boom > hoek
Path trymodule > npmi > npm > node-gyp > request > hawk > cryptiles > boom > hoek
Path trymodule > npmi > npm > node-gyp > request > hawk > hoek
Path trymodule > npmi > npm > node-gyp > request > hawk > sntp > hoek
Path trymodule > npmi > npm > npm-registry-client > request > hawk > boom > hoek
Path trymodule > npmi > npm > npm-registry-client > request > hawk > cryptiles > boom > hoek
Path trymodule > npmi > npm > npm-registry-client > request > hawk > hoek
Path trymodule > npmi > npm > npm-registry-client > request > hawk > sntp > hoek
Path trymodule > npmi > npm > request > hawk > boom > hoek
Path trymodule > npmi > npm > request > hawk > cryptiles > boom > hoek
Path trymodule > npmi > npm > request > hawk > hoek
Path trymodule > npmi > npm > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566

Severity: High
Type: Regular Expression Denial of Service
Package sshpk
Patched in >=1.13.2 < 1.14.0 || >=1.14.1
Dependency of trymodule
Path trymodule > npmi > npm > node-gyp > request > http-signature > sshpk
Path trymodule > npmi > npm > npm-registry-client > request > http-signature > sshpk
Path trymodule > npmi > npm > request > http-signature > sshpk
More info https://nodesecurity.io/advisories/606

Severity: High
Type: Regular Expression Denial of Service
Package tough-cookie
Patched in >=2.3.3
Dependency of trymodule
Path trymodule > npmi > npm > node-gyp > request > tough-cookie
Path trymodule > npmi > npm > npm-registry-client > request > tough-cookie
Path trymodule > npmi > npm > request > tough-cookie
More info https://nodesecurity.io/advisories/525

Severity: Moderate
Type: Memory Exposure
Package tunnel-agent
Patched in >=0.6.0
Dependency of trymodule
Path trymodule > npmi > npm > node-gyp > request > tunnel-agent
Path trymodule > npmi > npm > npm-registry-client > request > tunnel-agent
Path trymodule > npmi > npm > request > tunnel-agent
More info https://nodesecurity.io/advisories/598

Severity: Moderate
Type: Out-of-bounds Read
Package stringstream
Patched in >=0.0.6
Dependency of trymodule
Path trymodule > npmi > npm > node-gyp > request > stringstream
Path trymodule > npmi > npm > npm-registry-client > request > stringstream
Path trymodule > npmi > npm > request > stringstream
More info https://nodesecurity.io/advisories/664