Open westonphillips opened 1 year ago
Vulnerable Package issue exists @ Npm-terser-5.5.1 in branch main
The package terser before 4.8.1, and 5.0.x before 5.14.2 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Namespace: westonphillips Repository: CheckmarxOnePOV Repository Url: https://github.com/westonphillips/CheckmarxOnePOV CxAST-Project: westonphillips/CheckmarxOnePOV CxAST platform scan: 6a8170d0-38fa-4efc-81df-42628474102c Branch: main Application: CheckmarxOnePOV Severity: HIGH State: NOT_IGNORED Status: RECURRENT CWE: CWE-1333
Additional Info Attack vector: NETWORK Attack complexity: LOW Confidentiality impact: NONE Availability impact: HIGH Remediation Upgrade Recommendation: 5.14.2
References Advisory Commit Release Note
Vulnerable Package issue exists @ Npm-terser-5.5.1 in branch main
The package terser before 4.8.1, and 5.0.x before 5.14.2 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Namespace: westonphillips Repository: CheckmarxOnePOV Repository Url: https://github.com/westonphillips/CheckmarxOnePOV CxAST-Project: westonphillips/CheckmarxOnePOV CxAST platform scan: 6a8170d0-38fa-4efc-81df-42628474102c Branch: main Application: CheckmarxOnePOV Severity: HIGH State: NOT_IGNORED Status: RECURRENT CWE: CWE-1333
Additional Info Attack vector: NETWORK Attack complexity: LOW Confidentiality impact: NONE Availability impact: HIGH Remediation Upgrade Recommendation: 5.14.2
References Advisory Commit Release Note