generated from hmcts/expressjs-template
yarn-audit-known-issues
{"actions":[],"advisories":{"1101092":{"findings":[{"version":"3.3.7","paths":["@uppy/core>nanoid","@uppy/drop-target>@uppy/core>nanoid","@uppy/xhr-upload>@uppy/companion-client>@uppy/core>nanoid"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-55565\n- https://github.com/ai/nanoid/pull/510\n- https://github.com/ai/nanoid/compare/3.3.7...3.3.8\n- https://github.com/ai/nanoid/releases/tag/5.0.9\n- https://github.com/advisories/GHSA-mwcw-c2x4-8c55","created":"2024-12-09T03:30:59.000Z","id":1101092,"npm_advisory_id":null,"overview":"nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.","reported_by":null,"title":"Infinite loop in nanoid","metadata":null,"cves":["CVE-2024-55565"],"access":"public","severity":"low","module_name":"nanoid","vulnerable_versions":"<3.3.8","github_advisory_id":"GHSA-mwcw-c2x4-8c55","recommendation":"Upgrade to version 3.3.8 or later","patched_versions":">=3.3.8","updated":"2024-12-09T22:42:44.000Z","cvss":{"score":0,"vectorString":null},"cwe":["CWE-835"],"url":"https://github.com/advisories/GHSA-mwcw-c2x4-8c55"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":3,"moderate":0,"high":0,"critical":0},"dependencies":419,"devDependencies":2,"optionalDependencies":0,"totalDependencies":421}}