@AaronButler-Veracode
Owner

No description provided.

@github-actions

Veraocde SCA Scan failed with exit code 10

Veracode SCA Scan details

Veracode SCA agent scanning engine ready
Running the NPM scanner
Scanning completed
Found 1856 lines of code
Processing results...
Processing results complete

Summary Report
Scan ID                                        5415a029-b23c-45bc-b622-e1416735af19
Scan Date & Time                             Mar 10 2023 02:30PM UTC
Account type                                 ENTERPRISE
Scan engine                                    3.8.21 (latest 3.8.21)
Analysis time                                 70 seconds
User                                         runner
Project                                        /home/runner/work/nodegoat/nodegoat
Package Manager(s)                             NPM

Open-Source Libraries
Total Libraries                                970
Direct Libraries                             26
Transitive Libraries                         944
Vulnerable Libraries                         61
Third Party Code                             99.7%

Security
With Vulnerable Methods                        0
High Risk Vulnerabilities                     32
Medium Risk Vulnerabilities                    98
Low Risk Vulnerabilities                     3

Vulnerabilities - Public Data
CVE-2020-8116                                 High Risk     Prototype Pollution                                                            dot-prop 4.2.0
CVE-2022-37609                                 High Risk     Prototype Pollution                                                            js-beautify 1.10.2
CVE-2020-7788                                 High Risk     Prototype Pollution                                                            ini 1.3.5
CVE-2020-7788                                 High Risk     Prototype Pollution                                                            ini 1.3.4
CVE-2015-8858                                 High Risk     Regular Expression Denial Of Service (ReDoS)                                 uglify-js 2.4.24
CVE-2022-37598                                 High Risk     Prototype Pollution                                                            uglify-js 2.4.24
CVE-2017-16026                                 High Risk     Remote Memory Disclosure                                                     request 2.67.0
CVE-2017-16026                                 High Risk     Remote Memory Disclosure                                                     request 2.36.0
CVE-2020-7610                                 High Risk     Deserialization Of Untrusted Object                                            bson 1.0.9
CVE-2021-3807                                 High Risk     Regular Expression Denial Of Service (ReDoS)                                 ansi-regex 3.0.0
CVE-2022-37598                                 High Risk     Prototype Pollution                                                            uglify-js 2.7.0
CVE-2017-16042                                 High Risk     Remote Code Execution (RCE)                                                    growl 1.9.2
CVE-2016-2515                                 High Risk     Regular Expression Denial Of Service (ReDoS)                                 hawk 1.0.0
CVE-2021-44906                                 High Risk     Prototype Pollution                                                            minimist 1.2.0
CVE-2020-7774                                 High Risk     Prototype Pollution                                                            y18n 3.2.1
CVE-2018-16492                                 High Risk     Prototype Pollution                                                            extend 3.0.0
CVE-2020-28282                                 High Risk     Prototype Pollution                                                            getobject 0.1.0
CVE-2021-3918                                 High Risk     Prototype Pollution                                                            json-schema 0.2.3
CVE-2021-23369                                 High Risk     Prototype Pollution                                                            handlebars 4.0.5
CVE-2019-19919                                 High Risk     Prototype Pollution                                                            handlebars 4.0.5
CVE-2019-20922                                 High Risk     Denial Of Service (DoS)                                                        handlebars 4.0.5
CVE-2021-23383                                 High Risk     Prototype Pollution                                                            handlebars 4.0.5
CVE-2019-20922                                 High Risk     Regular Expression Denial Of Service (ReDoS)                                 handlebars 4.0.5
CVE-2015-8315                                 High Risk     Regular Expression Denial Of Service (ReDoS)                                 ms 0.7.1
CVE-2019-13173                                 Medium Risk     Arbitrary File Overwrite                                                     fstream 1.0.10
CVE-2022-1537                                 Medium Risk     Time-of-check To Time-of-Use (TOCTOU)                                         grunt 1.0.4
CVE-2020-7729                                 Medium Risk     Arbtirary Code Execution                                                     grunt 1.0.4
CVE-2020-7662                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 websocket-extensions 0.1.3
CVE-2022-29167                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 hawk 3.1.3
CVE-2018-1002204                             Medium Risk     Arbitrary File Write                                                         adm-zip 0.4.4
CVE-2020-7754                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 npm-user-validate 0.1.5
CVE-2016-10540                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 minimatch 0.3.0
CVE-2019-20149                                 Medium Risk     Prototype Pollution                                                            kind-of 6.0.2
CVE-2022-24999                                 Medium Risk     Denial Of Service (DoS)                                                        qs 6.7.0
CVE-2019-2391                                 Medium Risk     Information Disclosure                                                         bson 1.0.9
CVE-2021-43138                                 Medium Risk     Prototype Pollution                                                            async 2.6.3
CVE-2020-7608                                 Medium Risk     Prototype Pollution                                                            yargs-parser 2.4.1
CVE-2017-15010                                 Medium Risk     Regular Expression Denial Of Service (ReDoS) Via Parsing Cookies             tough-cookie 2.3.1
CVE-2017-16028                                 Medium Risk     Cryptographically Insecure Token Generation                                    randomatic 1.1.5
CVE-2021-23358                                 Medium Risk     Arbitrary Code Execution                                                     underscore 1.8.3
CVE-2022-29167                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 hawk 1.0.0
CVE-2018-1109                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 braces 1.8.5
CVE-2022-38900                                 Medium Risk     Denial Of Service (DoS)                                                        decode-uri-component 0.2.0
CVE-2018-3737                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 sshpk 1.10.1
CVE-2020-7598                                 Medium Risk     Prototype Pollution                                                            minimist 1.2.0
CVE-2018-1107                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 is-my-json-valid 2.15.0
CVE-2021-33623                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 trim-newlines 1.0.0
CVE-2017-1000048                             Medium Risk     Prototype Override Protection Bypass                                         qs 6.2.1
CVE-2022-24999                                 Medium Risk     Denial Of Service (DoS)                                                        qs 6.2.1
CVE-2020-8244                                 Medium Risk     Denial Of Service (DoS)                                                        bl 1.1.2
CVE-2021-3820                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 i 0.3.6
CVE-2021-23343                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 path-parse 1.0.6
CVE-2014-7191                                 Medium Risk     Denial Of Service (DoS) Memory Consumption                                     qs 0.6.6
CVE-2014-10064                                 Medium Risk     Denial Of Service (DoS)                                                        qs 0.6.6
CVE-2017-16137                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 debug 2.2.0
CVE-2017-20165                                 Medium Risk     Regular Expression Denial Of Service                                         debug 2.2.0
CVE-2019-10795                                 Medium Risk     Prototype Pollution                                                            undefsafe 2.0.2
CVE-2020-8244                                 Medium Risk     Denial Of Service (DoS)                                                        bl 1.0.3
CVE-2017-1000048                             Medium Risk     Prototype Override Protection Bypass                                         qs 5.2.1
CVE-2022-24999                                 Medium Risk     Denial Of Service (DoS)                                                        qs 5.2.1
CVE-2018-20834                                 Medium Risk     Arbitrary File Overwrite                                                     tar 2.2.1
CVE-2018-3728                                 Medium Risk     Prototype Pollution                                                            hoek 2.16.3
CVE-2019-16776                                 Medium Risk     Arbitrary File Overwrite                                                     npm 3.10.10
CVE-2019-16777                                 Medium Risk     Arbitrary File Overwrite                                                     npm 3.10.10
CVE-2019-16775                                 Medium Risk     Unauthorized File Access                                                     npm 3.10.10
CVE-2019-20920                                 Medium Risk     Arbitrary Code Execution                                                     handlebars 4.0.5
CVE-2020-7598                                 Medium Risk     Prototype Pollution                                                            minimist 0.0.10
CVE-2019-1010266                             Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 lodash 4.13.1
CVE-2018-3721                                 Medium Risk     Prototype Pollution                                                            lodash 4.13.1
CVE-2018-16487                                 Medium Risk     Prototype Pollution Attack                                                     lodash 4.13.1
CVE-2021-23337                                 Medium Risk     Command Injection                                                             lodash 4.13.1
CVE-2019-10744                                 Medium Risk     Prototype Pollution                                                            lodash 4.13.1
CVE-2020-28500                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 lodash 4.13.1
CVE-2020-7598                                 Medium Risk     Prototype Pollution                                                            minimist 0.0.8
CVE-2021-23343                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 path-parse 1.0.5
CVE-2021-23358                                 Medium Risk     Arbitrary Code Execution                                                     underscore 1.9.2
CVE-2017-16138                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 mime 1.2.11
CVE-2017-16115                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 timespan 2.3.0
CVE-2018-3721                                 Medium Risk     Prototype Pollution                                                            lodash 2.4.2
CVE-2018-16487                                 Medium Risk     Prototype Pollution Attack                                                     lodash 2.4.2
CVE-2021-23337                                 Medium Risk     Command Injection                                                             lodash 2.4.2
CVE-2019-10744                                 Medium Risk     Prototype Pollution                                                            lodash 2.4.2
CVE-2018-21270                                 Medium Risk     Out-of-Bounds Read                                                             stringstream 0.0.5
CVE-2017-18077                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 brace-expansion 1.1.6
CVE-2020-8203                                 Medium Risk     Prototype Pollution                                                            lodash 4.17.15
CVE-2021-23337                                 Medium Risk     Command Injection                                                             lodash 4.17.15
CVE-2020-28500                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 lodash 4.17.15
CVE-2022-21803                                 Medium Risk     Prototype Pollution                                                            nconf 0.6.9
CVE-2017-15010                                 Medium Risk     Regular Expression Denial Of Service (ReDoS) Via Parsing Cookies             tough-cookie 2.2.2
CVE-2016-1000232                             Medium Risk     Regular Expression Denial Of Service (ReDoS) Via Long String Of Semicolons     tough-cookie 2.2.2
CVE-2022-24999                                 Medium Risk     Denial Of Service (DoS)                                                        qs 6.3.2
CVE-2021-23362                                 Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 hosted-git-info 2.8.5
CVE-2022-0436                                 Low Risk        Path Traversal                                                                 grunt 1.0.4
CVE-2017-18869                                 Low Risk        Time Of Check To Time Of Use (TOCTOU)                                         chownr 1.0.1
CVE-2020-15095                                 Low Risk        Information Disclosure                                                         npm 3.10.10

Vulnerabilities - Premium Data
NO-CVE                                         High Risk     Privilege Escalation                                                         shelljs 0.3.0
NO-CVE                                         High Risk     Arbitrary Code Execution                                                     is-my-json-valid 2.15.0
NO-CVE                                         High Risk     Arbitrary Code Execution                                                     handlebars 4.0.5
NO-CVE                                         High Risk     Remote Code Execution (RCE)                                                    handlebars 4.0.5
NO-CVE                                         High Risk     Remote Code Execution                                                         handlebars 4.0.5
NO-CVE                                         High Risk     Arbitrary Code Execution                                                     js-yaml 3.6.1
NO-CVE                                         High Risk     Arbitrary Code Execution                                                     is-my-json-valid 2.20.0
NO-CVE                                         High Risk     Prototype Pollution                                                            unset-value 1.0.0
NO-CVE                                         Medium Risk     Insecure Cipher                                                                request 2.75.0
NO-CVE                                         Medium Risk     Prototype Pollution                                                            request 2.75.0
NO-CVE                                         Medium Risk     Uninitialized Buffer Allocation                                                utile 0.3.0
NO-CVE                                         Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 js-beautify 1.10.2
NO-CVE                                         Medium Risk     Denial Of Service (DoS)                                                        mongodb 2.2.36
NO-CVE                                         Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 mocha 2.5.3
NO-CVE                                         Medium Risk     Insecure Cipher                                                                request 2.67.0
NO-CVE                                         Medium Risk     Prototype Pollution                                                            request 2.67.0
NO-CVE                                         Medium Risk     Insecure Cipher                                                                request 2.36.0
NO-CVE                                         Medium Risk     Insecure Cipher                                                                request 2.79.0
NO-CVE                                         Medium Risk     Prototype Pollution                                                            request 2.79.0
NO-CVE                                         Medium Risk     Arbitrary Command Injection                                                    shelljs 0.3.0
NO-CVE                                         Medium Risk     Denial Of Service (DoS)                                                        ws 1.1.5
NO-CVE                                         Medium Risk     Regular Express Denial Of Service (ReDoS)                                     is-my-json-valid 2.15.0
NO-CVE                                         Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 is-my-json-valid 2.15.0
NO-CVE                                         Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 revalidator 0.1.8
NO-CVE                                         Medium Risk     Timing Attacks                                                                 http-signature 0.10.1
NO-CVE                                         Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 marked 0.3.9
NO-CVE                                         Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 marked 0.3.9
NO-CVE                                         Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 marked 0.3.9
NO-CVE                                         Medium Risk     Prototype Pollution                                                            handlebars 4.0.5
NO-CVE                                         Medium Risk     Denial Of Service (DoS)                                                        js-yaml 3.6.1
NO-CVE                                         Medium Risk     Uninitialized Buffer Allocation                                                utile 0.2.1
NO-CVE                                         Medium Risk     Code Injection                                                                 lodash 4.13.1
NO-CVE                                         Medium Risk     Regular Express Denial Of Service (ReDoS)                                     is-my-json-valid 2.20.0
NO-CVE                                         Medium Risk     Regular Expression Denial Of Service (ReDoS)                                 is-my-json-valid 2.20.0
NO-CVE                                         Medium Risk     Information Disclosure                                                         tunnel-agent 0.4.3
NO-CVE                                         Medium Risk     Code Injection                                                                 lodash 2.4.2
NO-CVE                                         Medium Risk     Denial Of Service (DoS)                                                        stringstream 0.0.5
NO-CVE                                         Medium Risk     Code Injection                                                                 lodash 4.17.15

Licenses
Unique Library Licenses                        16
Libraries Using GPL                            0
Libraries With High Risk License             1
Libraries With Medium Risk License             0
Libraries With Low Risk License                977
Libraries With Multiple Licenses             13
Libraries With Unassessable License            2
Libraries With Unrecognizable License         4

Issues
Issue ID     Issue Type         Severity    Description                                                                                     Library Name & Version In Use
171717229    Vulnerability     4.3         CVE-2018-1002204: Arbitrary File Write                                                         adm-zip 0.4.4
171717230    Vulnerability     7.8         CVE-2021-3807: Regular Expression Denial Of Service (ReDoS)                                     ansi-regex 3.0.0
171717231    Vulnerability     6.8         CVE-2021-43138: Prototype Pollution                                                             async 2.6.3
171717232    Vulnerability     6.4         CVE-2020-8244: Denial Of Service (DoS)                                                         bl 1.0.3
171717233    Vulnerability     6.4         CVE-2020-8244: Denial Of Service (DoS)                                                         bl 1.1.2
171717234    Vulnerability     5.0         CVE-2017-18077: Regular Expression Denial Of Service (ReDoS)                                    brace-expansion 1.1.6
171717985    Vulnerability     5.0         CVE-2018-1109: Regular Expression Denial Of Service (ReDoS)                                     braces 1.8.5
171717986    Vulnerability     7.5         CVE-2020-7610: Deserialization Of Untrusted Object                                             bson 1.0.9
171717987    Vulnerability     5.5         CVE-2019-2391: Information Disclosure                                                         bson 1.0.9
171717988    Vulnerability     1.9         CVE-2017-18869: Time Of Check To Time Of Use (TOCTOU)                                         chownr 1.0.1
171717989    Vulnerability     5.0         CVE-2017-20165: Regular Expression Denial Of Service                                            debug 2.2.0
171717990    Vulnerability     5.0         CVE-2017-16137: Regular Expression Denial Of Service (ReDoS)                                    debug 2.2.0
171717991    Vulnerability     5.0         CVE-2022-38900: Denial Of Service (DoS)                                                         decode-uri-component 0.2.0
171717992    Vulnerability     7.5         CVE-2020-8116: Prototype Pollution                                                             dot-prop 4.2.0
171717993    Vulnerability     7.5         CVE-2018-16492: Prototype Pollution                                                             extend 3.0.0
171717994    Vulnerability     6.4         CVE-2019-13173: Arbitrary File Overwrite                                                        fstream 1.0.10
171717995    Vulnerability     7.5         CVE-2020-28282: Prototype Pollution                                                             getobject 0.1.0
171717996    Vulnerability     7.5         CVE-2017-16042: Remote Code Execution (RCE)                                                     growl 1.9.2
171717997    Vulnerability     6.9         CVE-2022-1537: Time-of-check To Time-of-Use (TOCTOU)                                            grunt 1.0.4
171717998    Vulnerability     4.6         CVE-2020-7729: Arbtirary Code Execution                                                         grunt 1.0.4
171717999    Vulnerability     2.1         CVE-2022-0436: Path Traversal                                                                 grunt 1.0.4
171718000    Vulnerability     7.8         CVE-2019-20922: Denial Of Service (DoS)                                                         handlebars 4.0.5
171718001    Vulnerability     7.8         CVE-2019-20922: Regular Expression Denial Of Service (ReDoS)                                    handlebars 4.0.5
171718002    Vulnerability     7.5         CVE-2021-23383: Prototype Pollution                                                             handlebars 4.0.5
171718003    Vulnerability     7.5         NO-CVE: Remote Code Execution (RCE)                                                             handlebars 4.0.5
171718004    Vulnerability     7.5         CVE-2019-19919: Prototype Pollution                                                             handlebars 4.0.5
171718005    Vulnerability     7.5         NO-CVE: Remote Code Execution                                                                 handlebars 4.0.5
171718006    Vulnerability     7.5         CVE-2021-23369: Prototype Pollution                                                             handlebars 4.0.5
171718007    Vulnerability     7.5         NO-CVE: Arbitrary Code Execution                                                                handlebars 4.0.5
171718008    Vulnerability     6.8         CVE-2019-20920: Arbitrary Code Execution                                                        handlebars 4.0.5
171718009    Vulnerability     6.8         NO-CVE: Prototype Pollution                                                                     handlebars 4.0.5
171718010    Vulnerability     7.8         CVE-2016-2515: Regular Expression Denial Of Service (ReDoS)                                     hawk 1.0.0
171718011    Vulnerability     5.0         CVE-2022-29167: Regular Expression Denial Of Service (ReDoS)                                    hawk 1.0.0
171718012    Vulnerability     5.0         CVE-2022-29167: Regular Expression Denial Of Service (ReDoS)                                    hawk 3.1.3
171718013    Vulnerability     6.5         CVE-2018-3728: Prototype Pollution                                                             hoek 2.16.3
171718014    Vulnerability     5.0         CVE-2021-23362: Regular Expression Denial Of Service (ReDoS)                                    hosted-git-info 2.8.5
171718015    Vulnerability     5.0         NO-CVE: Timing Attacks                                                                         http-signature 0.10.1
171718016    Vulnerability     5.0         CVE-2021-3820: Regular Expression Denial Of Service (ReDoS)                                     i 0.3.6
171718017    Vulnerability     7.5         CVE-2020-7788: Prototype Pollution                                                             ini 1.3.4
171718018    Vulnerability     7.5         CVE-2020-7788: Prototype Pollution                                                             ini 1.3.5
171718019    Vulnerability     7.5         NO-CVE: Arbitrary Code Execution                                                                is-my-json-valid 2.15.0
171718020    Vulnerability     5.0         CVE-2018-1107: Regular Expression Denial Of Service (ReDoS)                                     is-my-json-valid 2.15.0
171718021    Vulnerability     5.0         NO-CVE: Regular Express Denial Of Service (ReDoS)                                             is-my-json-valid 2.15.0
171718022    Vulnerability     5.0         NO-CVE: Regular Expression Denial Of Service (ReDoS)                                            is-my-json-valid 2.15.0
171718023    Vulnerability     7.5         NO-CVE: Arbitrary Code Execution                                                                is-my-json-valid 2.20.0
171718024    Vulnerability     5.0         NO-CVE: Regular Expression Denial Of Service (ReDoS)                                            is-my-json-valid 2.20.0
171718025    Vulnerability     5.0         NO-CVE: Regular Express Denial Of Service (ReDoS)                                             is-my-json-valid 2.20.0
171718026    Vulnerability     7.5         CVE-2022-37609: Prototype Pollution                                                             js-beautify 1.10.2
171718027    Vulnerability     5.0         NO-CVE: Regular Expression Denial Of Service (ReDoS)                                            js-beautify 1.10.2
171718028    Vulnerability     10.0        NO-CVE: Arbitrary Code Execution                                                                js-yaml 3.6.1
171718029    Vulnerability     5.0         NO-CVE: Denial Of Service (DoS)                                                                 js-yaml 3.6.1
171718030    Vulnerability     7.5         CVE-2021-3918: Prototype Pollution                                                             json-schema 0.2.3
171718031    Vulnerability     5.0         CVE-2019-20149: Prototype Pollution                                                             kind-of 6.0.2
171718032    Vulnerability     6.8         CVE-2018-16487: Prototype Pollution Attack                                                     lodash 2.4.2
171718033    Vulnerability     6.8         NO-CVE: Code Injection                                                                         lodash 2.4.2
171718034    Vulnerability     6.5         CVE-2021-23337: Command Injection                                                             lodash 2.4.2
171718035    Vulnerability     6.4         CVE-2019-10744: Prototype Pollution                                                             lodash 2.4.2
171718036    Vulnerability     4.0         CVE-2018-3721: Prototype Pollution                                                             lodash 2.4.2
171718037    Vulnerability     6.8         NO-CVE: Code Injection                                                                         lodash 4.13.1
171718038    Vulnerability     6.8         CVE-2018-16487: Prototype Pollution Attack                                                     lodash 4.13.1
171718039    Vulnerability     6.5         CVE-2021-23337: Command Injection                                                             lodash 4.13.1
171718040    Vulnerability     6.4         CVE-2019-10744: Prototype Pollution                                                             lodash 4.13.1
171718041    Vulnerability     5.0         CVE-2020-28500: Regular Expression Denial Of Service (ReDoS)                                    lodash 4.13.1
171718042    Vulnerability     4.0         CVE-2018-3721: Prototype Pollution                                                             lodash 4.13.1
171718043    Vulnerability     4.0         CVE-2019-1010266: Regular Expression Denial Of Service (ReDoS)                                 lodash 4.13.1
171718044    Vulnerability     6.8         NO-CVE: Code Injection                                                                         lodash 4.17.15
171718045    Vulnerability     6.5         CVE-2021-23337: Command Injection                                                             lodash 4.17.15
171718046    Vulnerability     5.8         CVE-2020-8203: Prototype Pollution                                                             lodash 4.17.15
171718047    Vulnerability     5.0         CVE-2020-28500: Regular Expression Denial Of Service (ReDoS)                                    lodash 4.17.15
171718048    Vulnerability     5.0         NO-CVE: Regular Expression Denial Of Service (ReDoS)                                            marked 0.3.9
171718049    Vulnerability     5.0         NO-CVE: Regular Expression Denial Of Service (ReDoS)                                            marked 0.3.9
171718050    Vulnerability     5.0         NO-CVE: Regular Expression Denial Of Service (ReDoS)                                            marked 0.3.9
171718051    Vulnerability     5.0         CVE-2017-16138: Regular Expression Denial Of Service (ReDoS)                                    mime 1.2.11
171718052    Vulnerability     5.0         CVE-2016-10540: Regular Expression Denial Of Service (ReDoS)                                    minimatch 0.3.0
171718053    Vulnerability     6.8         CVE-2020-7598: Prototype Pollution                                                             minimist 0.0.10
171718054    Vulnerability     6.8         CVE-2020-7598: Prototype Pollution                                                             minimist 0.0.8
171718055    Vulnerability     7.5         CVE-2021-44906: Prototype Pollution                                                             minimist 1.2.0
171718056    Vulnerability     6.8         CVE-2020-7598: Prototype Pollution                                                             minimist 1.2.0
171718057    Vulnerability     5.0         NO-CVE: Regular Expression Denial Of Service (ReDoS)                                            mocha 2.5.3
171718058    Vulnerability     5.0         NO-CVE: Denial Of Service (DoS)                                                                 mongodb 2.2.36
171718059    Vulnerability     7.8         CVE-2015-8315: Regular Expression Denial Of Service (ReDoS)                                     ms 0.7.1
171718060    Vulnerability     5.0         CVE-2022-21803: Prototype Pollution                                                             nconf 0.6.9
171718061    Vulnerability     5.0         CVE-2020-7754: Regular Expression Denial Of Service (ReDoS)                                     npm-user-validate 0.1.5
171718062    Vulnerability     5.5         CVE-2019-16776: Arbitrary File Overwrite                                                        npm 3.10.10
171718063    Vulnerability     5.5         CVE-2019-16777: Arbitrary File Overwrite                                                        npm 3.10.10
171718064    Vulnerability     4.0         CVE-2019-16775: Unauthorized File Access                                                        npm 3.10.10
171718065    Vulnerability     1.9         CVE-2020-15095: Information Disclosure                                                         npm 3.10.10
171718066    Vulnerability     5.0         CVE-2021-23343: Regular Expression Denial Of Service (ReDoS)                                    path-parse 1.0.5
171718067    Vulnerability     5.0         CVE-2021-23343: Regular Expression Denial Of Service (ReDoS)                                    path-parse 1.0.6
171718068    Vulnerability     5.0         CVE-2014-7191: Denial of Service (DoS) Memory Consumption                                     qs 0.6.6
171718069    Vulnerability     5.0         CVE-2014-10064: Denial Of Service (DoS)                                                         qs 0.6.6
171718070    Vulnerability     5.0         CVE-2022-24999: Denial Of Service (DoS)                                                         qs 5.2.1
171718071    Vulnerability     5.0         CVE-2017-1000048: Prototype Override Protection Bypass                                         qs 5.2.1
171718072    Vulnerability     5.0         CVE-2017-1000048: Prototype Override Protection Bypass                                         qs 6.2.1
171718073    Vulnerability     5.0         CVE-2022-24999: Denial Of Service (DoS)                                                         qs 6.2.1
171718074    Vulnerability     5.0         CVE-2022-24999: Denial Of Service (DoS)                                                         qs 6.3.2
171718075    Vulnerability     5.0         CVE-2022-24999: Denial Of Service (DoS)                                                         qs 6.7.0
171718076    Vulnerability     5.0         CVE-2017-16028: Cryptographically Insecure Token Generation                                     randomatic 1.1.5
171718077    Vulnerability     7.1         CVE-2017-16026: Remote Memory Disclosure                                                        request 2.36.0
171718078    Vulnerability     4.3         NO-CVE: Insecure Cipher                                                                         request 2.36.0
171718079    Vulnerability     7.1         CVE-2017-16026: Remote Memory Disclosure                                                        request 2.67.0
171718080    Vulnerability     5.0         NO-CVE: Prototype Pollution                                                                     request 2.67.0
171718081    Vulnerability     4.3         NO-CVE: Insecure Cipher                                                                         request 2.67.0
171718082    Vulnerability     5.0         NO-CVE: Prototype Pollution                                                                     request 2.75.0
171718083    Vulnerability     4.3         NO-CVE: Insecure Cipher                                                                         request 2.75.0
171718084    Vulnerability     5.0         NO-CVE: Prototype Pollution                                                                     request 2.79.0
171718085    Vulnerability     4.3         NO-CVE: Insecure Cipher                                                                         request 2.79.0
171718086    Vulnerability     5.0         NO-CVE: Regular Expression Denial Of Service (ReDoS)                                            revalidator 0.1.8
171718087    Vulnerability     7.2         NO-CVE: Privilege Escalation                                                                    shelljs 0.3.0
171718088    Vulnerability     5.0         NO-CVE: Arbitrary Command Injection                                                             shelljs 0.3.0
171718089    Vulnerability     5.0         CVE-2018-3737: Regular Expression Denial Of Service (ReDoS)                                     sshpk 1.10.1
171718090    Vulnerability     6.4         NO-CVE: Denial Of Service (DoS)                                                                 stringstream 0.0.5
171718091    Vulnerability     5.8         CVE-2018-21270: Out-of-Bounds Read                                                             stringstream 0.0.5
171718092    Vulnerability     6.4         CVE-2018-20834: Arbitrary File Overwrite                                                        tar 2.2.1
171718093    Vulnerability     5.0         CVE-2017-16115: Regular Expression Denial Of Service (ReDoS)                                    timespan 2.3.0
171718094    Vulnerability     5.0         CVE-2016-1000232: Regular Expression Denial Of Service (ReDoS) Via Long String Of Semicolons    tough-cookie 2.2.2
171718095    Vulnerability     5.0         CVE-2017-15010: Regular Expression Denial Of Service (ReDoS) Via Parsing Cookies                tough-cookie 2.2.2
171718096    Vulnerability     5.0         CVE-2017-15010: Regular Expression Denial Of Service (ReDoS) Via Parsing Cookies                tough-cookie 2.3.1
171718097    Vulnerability     5.0         CVE-2021-33623: Regular Expression Denial Of Service (ReDoS)                                    trim-newlines 1.0.0
171718098    Vulnerability     4.3         NO-CVE: Information Disclosure                                                                 tunnel-agent 0.4.3
171718099    Vulnerability     7.8         CVE-2015-8858: Regular Expression Denial Of Service (ReDoS)                                     uglify-js 2.4.24
171718100    Vulnerability     7.5         CVE-2022-37598: Prototype Pollution                                                             uglify-js 2.4.24
171718101    Vulnerability     7.5         CVE-2022-37598: Prototype Pollution                                                             uglify-js 2.7.0
171718102    Vulnerability     6.5         CVE-2019-10795: Prototype Pollution                                                             undefsafe 2.0.2
171718103    Vulnerability     6.5         CVE-2021-23358: Arbitrary Code Execution                                                        underscore 1.8.3
171718104    Vulnerability     6.5         CVE-2021-23358: Arbitrary Code Execution                                                        underscore 1.9.2
171718105    Vulnerability     7.5         NO-CVE: Prototype Pollution                                                                     unset-value 1.0.0
171718106    Vulnerability     6.4         NO-CVE: Uninitialized Buffer Allocation                                                         utile 0.2.1
171718107    Vulnerability     6.4         NO-CVE: Uninitialized Buffer Allocation                                                         utile 0.3.0
171718108    Vulnerability     5.0         CVE-2020-7662: Regular Expression Denial Of Service (ReDoS)                                     websocket-extensions 0.1.3
171718109    Vulnerability     5.0         NO-CVE: Denial Of Service (DoS)                                                                 ws 1.1.5
171718110    Vulnerability     7.5         CVE-2020-7774: Prototype Pollution                                                             y18n 3.2.1
171718111    Vulnerability     4.6         CVE-2020-7608: Prototype Pollution                                                             yargs-parser 2.4.1
171718112    Outdated Library    3.0         Latest version at scan: 0.16.0                                                                 consolidate 0.14.5
171718113    Outdated Library    3.0         Latest version at scan: 1.11.0                                                                 csurf 1.10.0
171718114    Outdated Library    3.0         Latest version at scan: 1.17.3                                                                 express-session 1.17.0
171718115    Outdated Library    3.0         Latest version at scan: 5.0.0-beta.1                                                            express 4.17.1
171718116    Outdated Library    3.0         Latest version at scan: 4.0.3                                                                 forever 0.15.3
171718117    Outdated Library    3.0         Latest version at scan: 1.4.3                                                                 grunt-cli 1.3.2
171718118    Outdated Library    3.0         Latest version at scan: 3.0.0                                                                 grunt-concurrent 2.3.1
171718119    Outdated Library    3.0         Latest version at scan: 0.13.3                                                                 grunt-mocha-test 0.12.7
171718120    Outdated Library    3.0         Latest version at scan: 1.0.9                                                                 grunt-retire 0.3.12
171718121    Outdated Library    3.0         Latest version at scan: 6.0.1                                                                 helmet 2.3.0
171718122    Outdated Library    3.0         Latest version at scan: 4.2.12                                                                 marked 0.3.9
171718123    Outdated Library    3.0         Latest version at scan: 5.1.0                                                                 mongodb 2.2.36
171718124    Outdated Library    3.0         Latest version at scan: 4.8.1                                                                 selenium-webdriver 2.53.3
171718125    Outdated Library    3.0         Latest version at scan: 13.2.3                                                                 should 8.4.0
171718126    Outdated Library    3.0         Latest version at scan: 1.13.6                                                                 underscore 1.9.2
171718127    Outdated Library    3.0         Latest version at scan: 1.0.1                                                                 zaproxy 0.2.0
171718128    License             9.0         Library has High-Risk License                                                                 bcrypt-nodejs 0.0.3

Full Report Details                            https://sca.analysiscenter.veracode.com/teams/000t57Vx/scans/47449777
