{
"affected": [
{
"coordinates": "pkg:npm/postcss@7.0.35",
"description": "Tool for transforming styles with JS plugins",
"reference": "https://ossindex.sonatype.org/component/pkg:npm/postcss@7.0.35?utm_source=auditjs&utm_medium=integration&utm_content=4.0.25",
"vulnerabilities": [
{
"id": "e3f310ed-219c-4087-aa58-8425b13c3ec5",
"title": "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')",
"description": "The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.",
"cvssScore": 7.5,
"cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"reference": "https://ossindex.sonatype.org/vulnerability/e3f310ed-219c-4087-aa58-8425b13c3ec5?component-type=npm&component-name=postcss&utm_source=auditjs&utm_medium=integration&utm_content=4.0.25"
}
]
},
{
"coordinates": "pkg:npm/ssri@7.1.0",
"description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.",
"reference": "https://ossindex.sonatype.org/component/pkg:npm/ssri@7.1.0?utm_source=auditjs&utm_medium=integration&utm_content=4.0.25",
"vulnerabilities": [
{
"id": "92bbcbaf-097a-43f9-855e-2052e38930db",
"title": "[CVE-2021-27290] ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression whic...",
"description": "ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.",
"cvssScore": 7.5,
"cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cve": "CVE-2021-27290",
"reference": "https://ossindex.sonatype.org/vulnerability/92bbcbaf-097a-43f9-855e-2052e38930db?component-type=npm&component-name=ssri&utm_source=auditjs&utm_medium=integration&utm_content=4.0.25"
}
]
},
{
"coordinates": "pkg:npm/postcss@8.2.4",
"description": "Tool for transforming styles with JS plugins",
"reference": "https://ossindex.sonatype.org/component/pkg:npm/postcss@8.2.4?utm_source=auditjs&utm_medium=integration&utm_content=4.0.25",
"vulnerabilities": [
{
"id": "e3f310ed-219c-4087-aa58-8425b13c3ec5",
"title": "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')",
"description": "The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.",
"cvssScore": 7.5,
"cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"reference": "https://ossindex.sonatype.org/vulnerability/e3f310ed-219c-4087-aa58-8425b13c3ec5?component-type=npm&component-name=postcss&utm_source=auditjs&utm_medium=integration&utm_content=4.0.25"
}
]
},
{
"coordinates": "pkg:npm/ws@5.2.3",
"description": "Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js",
"reference": "https://ossindex.sonatype.org/component/pkg:npm/ws@5.2.3?utm_source=auditjs&utm_medium=integration&utm_content=4.0.25",
"vulnerabilities": [
{
"id": "7b682dd5-ef07-459c-be11-50ec76c9eba2",
"title": "[CVE-2021-32640] ws is an open source WebSocket client and server library for Node.js. A speciall...",
"description": "ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options.",
"cvssScore": 5.3,
"cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cve": "CVE-2021-32640",
"reference": "https://ossindex.sonatype.org/vulnerability/7b682dd5-ef07-459c-be11-50ec76c9eba2?component-type=npm&component-name=ws&utm_source=auditjs&utm_medium=integration&utm_content=4.0.25"
}
]
},
{
"coordinates": "pkg:npm/browserslist@4.14.2",
"description": "Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset",
"reference": "https://ossindex.sonatype.org/component/pkg:npm/browserslist@4.14.2?utm_source=auditjs&utm_medium=integration&utm_content=4.0.25",
"vulnerabilities": [
{
"id": "e0905398-4778-4da0-a4ab-42ed4e0bdb73",
"title": "[CVE-2021-23364] The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular ...",
"description": "The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.",
"cvssScore": 5.3,
"cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cve": "CVE-2021-23364",
"reference": "https://ossindex.sonatype.org/vulnerability/e0905398-4778-4da0-a4ab-42ed4e0bdb73?component-type=npm&component-name=browserslist&utm_source=auditjs&utm_medium=integration&utm_content=4.0.25"
}
]
}
],
"ignore": [
{
"id": "e3f310ed-219c-4087-aa58-8425b13c3ec5"
},
{
"id": "92bbcbaf-097a-43f9-855e-2052e38930db"
},
{
"id": "7b682dd5-ef07-459c-be11-50ec76c9eba2"
},
{
"id": "e0905398-4778-4da0-a4ab-42ed4e0bdb73"
}
]
}