Closed SeyiSoneye closed 1 week ago
It has been detected in https://github.com/wazuh/wazuh/issues/23244 that Vulnerability Detection is currently not generating alerts for NPM packages on Windows 11.
PS C:\Users\Administrator> py -m pip install axios==0.1.0 Collecting axios==0.1.0 Downloading axios-0.1.0-py3-none-any.whl (5.3 kB) Collecting click Downloading click-8.1.7-py3-none-any.whl (97 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 97.9/97.9 kB 2.8 MB/s eta 0:00:00 Collecting lxml Downloading lxml-5.2.1-cp311-cp311-win_amd64.whl (3.8 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.8/3.8 MB 15.2 MB/s eta 0:00:00 Requirement already satisfied: requests in c:\python311\lib\site-packages (from axios==0.1.0) (2.28.1) Collecting rich Downloading rich-13.7.1-py3-none-any.whl (240 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 240.7/240.7 kB 15.4 MB/s eta 0:00:00 Requirement already satisfied: colorama in c:\python311\lib\site-packages (from click->axios==0.1.0) (0.4.6) Requirement already satisfied: charset-normalizer<3,>=2 in c:\python311\lib\site-packages (from requests->axios==0.1.0) (2.1.1) Requirement already satisfied: idna<4,>=2.5 in c:\python311\lib\site-packages (from requests->axios==0.1.0) (3.4) Requirement already satisfied: urllib3<1.27,>=1.21.1 in c:\python311\lib\site-packages (from requests->axios==0.1.0) (1.26.12) Requirement already satisfied: certifi>=2017.4.17 in c:\python311\lib\site-packages (from requests->axios==0.1.0) (2022.9.24) Collecting markdown-it-py>=2.2.0 Downloading markdown_it_py-3.0.0-py3-none-any.whl (87 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 87.5/87.5 kB ? eta 0:00:00 Requirement already satisfied: pygments<3.0.0,>=2.13.0 in c:\python311\lib\site-packages (from rich->axios==0.1.0) (2.13.0) Collecting mdurl~=0.1 Downloading mdurl-0.1.2-py3-none-any.whl (10.0 kB) Installing collected packages: mdurl, lxml, click, markdown-it-py, rich, axios Successfully installed axios-0.1.0 click-8.1.7 lxml-5.2.1 markdown-it-py-3.0.0 mdurl-0.1.2 rich-13.7.1 PS C:\Users\Administrator> python -m axios --version python -m axios, version 0.1.0
The vulnerability does not come up in inventory or events
The package was installed via Pipy not npm
The vulnerability is not reported as vulnerable for Pipy, the behavior is expected
Description
It has been detected in https://github.com/wazuh/wazuh/issues/23244 that Vulnerability Detection is currently not generating alerts for NPM packages on Windows 11.
Steps to reproduce
The vulnerability does not come up in inventory or events