1515 href ="
https://cdn.jsdelivr.net/gh/highlightjs/[email protected] /build/styles/atom-one-dark.min.css "
> 1616
1717 < title > NPM Audit Report</ title >
18- < meta name ="description " content ="44 known vulnerabilities found.>
18+ < meta name ="description " content ="0 known vulnerabilities found.>
1919
2020 < style >
2121 pre {
@@ -39,23 +39,23 @@ <h1 class="mt-5 text-center">NPM Audit Report</h1>
3939 < div class ="card ">
4040 < div class ="card-body ">
4141 < h5 class ="card-title ">
42- 44
42+ 0
4343 </ h5 >
4444 < p class ="card-text "> Known vulnerabilities</ p >
4545 </ div >
4646 </ div >
4747 < div class ="card ">
4848 < div class ="card-body ">
4949 < h5 class ="card-title ">
50- 388
50+ 363
5151 </ h5 >
5252 < p class ="card-text "> Dependencies</ p >
5353 </ div >
5454 </ div >
5555 < div class ="card ">
5656 < div class ="card-body ">
5757 < h5 class ="card-title ">
58- October 14th 2020, 7:31:16 am
58+ October 14th 2020, 7:38:24 am
5959 </ h5 >
6060 < p class ="card-text "> Last updated</ p >
6161 </ div >
@@ -95,7 +95,7 @@ <h5 class="card-title">
9595 < div class ="card ">
9696 < div class ="card-body ">
9797 < h5 class ="card-title ">
98- 44
98+ 0
9999 </ h5 >
100100 < p class ="card-text ">
101101 < span class ="badge badge-primary "> low</ span >
@@ -128,131 +128,13 @@ <h5 class="card-title">
128128 </ tr >
129129 </ thead >
130130 < tbody >
131- < tr >
132- < th scope ="row ">
133- < a href ="https://npmjs.com/advisories/1490 " data-toggle ="modal " data-target ="#advisory-modal-1490 "> Validation Bypass</ a >
134- </ th >
135- < td >
136- < a href ="https://npmjs.com/package/kind-of " target ="_blank "
137- rel ="noopener "> kind-of</ a >
138- </ td >
139- < td data-order ="4 "> < span
140- class ="badge badge-primary "> low</ span > </ td >
141- < td >
142- CWE-20
143- </ td >
144- </ tr >
145131 </ tbody >
146132 </ table >
147133 </ div >
148134 </ div >
149135 </ div >
150136
151137
152- < div class ="modal " tabindex ="-1 " role ="dialog " id ="advisory-modal-1490 ">
153- < div class ="modal-dialog modal-lg " role ="document ">
154- < div class ="modal-content ">
155- < div class ="modal-header ">
156- < h5 class ="modal-title ">
157- < span class ="badge badge-primary "> low</ span >
158- Validation Bypass
159- </ h5 >
160- < button type ="button " class ="close " data-dismiss ="modal " aria-label ="Close ">
161- < span aria-hidden ="true "> ×</ span >
162- </ button >
163- </ div >
164- < div class ="modal-body ">
165- < div class ="row ">
166- < div class ="col-md-6 ">
167- < ul >
168- < li > Module:
169- < a href ="https://npmjs.com/package/kind-of " target ="_blank "
170- rel ="noopener "> kind-of</ a >
171- </ li >
172- < li > Published: March 6th 2020 </ li >
173- < li > Reported by: Feng Xiao</ li >
174- < li > CWE-20</ li >
175- </ ul >
176- </ div >
177- < div class ="col-md-6 ">
178- < ul >
179- < li > Vulnerable: >=6.0.0 <6.0.3</ li >
180- < li > Patched: >=6.0.3</ li >
181- < li > Exploitability: 3</ li >
182- </ ul >
183- </ div >
184- </ div >
185- < h3 > Overview</ h3 >
186- < p class ="card-text "> < p > Versions of < code > kind-of</ code > 6.x prior to 6.0.3 are vulnerable to a Validation Bypass. A maliciously crafted object can alter the result of the type check, allowing attackers to bypass the type checking validation. </ p >
187- </ p >
188-
189- < h3 > Findings</ h3 >
190- < ul >
191- < li > cpy>globby>fast-glob>micromatch>braces>snapdragon>base>define-property>is-descriptor>is-accessor-descriptor>kind-of </ li >
192- < li > cpy>globby>fast-glob>micromatch>extglob>expand-brackets>snapdragon>base>define-property>is-descriptor>is-accessor-descriptor>kind-of </ li >
193- < li > cpy>globby>fast-glob>micromatch>extglob>snapdragon>base>define-property>is-descriptor>is-accessor-descriptor>kind-of </ li >
194- < li > cpy>globby>fast-glob>micromatch>nanomatch>snapdragon>base>define-property>is-descriptor>is-accessor-descriptor>kind-of </ li >
195- < li > cpy>globby>fast-glob>micromatch>snapdragon>base>define-property>is-descriptor>is-accessor-descriptor>kind-of </ li >
196- < li > cpy>globby>fast-glob>micromatch>braces>snapdragon-node>define-property>is-descriptor>is-accessor-descriptor>kind-of </ li >
197- < li > cpy>globby>fast-glob>micromatch>braces>to-regex>define-property>is-descriptor>is-accessor-descriptor>kind-of </ li >
198- < li > cpy>globby>fast-glob>micromatch>extglob>expand-brackets>to-regex>define-property>is-descriptor>is-accessor-descriptor>kind-of </ li >
199- < li > cpy>globby>fast-glob>micromatch>extglob>to-regex>define-property>is-descriptor>is-accessor-descriptor>kind-of </ li >
200- < li > cpy>globby>fast-glob>micromatch>nanomatch>to-regex>define-property>is-descriptor>is-accessor-descriptor>kind-of </ li >
201- < li > cpy>globby>fast-glob>micromatch>to-regex>define-property>is-descriptor>is-accessor-descriptor>kind-of </ li >
202- < li > cpy>globby>fast-glob>micromatch>define-property>is-descriptor>is-accessor-descriptor>kind-of </ li >
203- < li > cpy>globby>fast-glob>micromatch>nanomatch>define-property>is-descriptor>is-accessor-descriptor>kind-of </ li >
204- < li > cpy>globby>fast-glob>micromatch>extglob>define-property>is-descriptor>is-accessor-descriptor>kind-of </ li >
205- < li > cpy>globby>fast-glob>micromatch>braces>snapdragon>base>define-property>is-descriptor>is-data-descriptor>kind-of </ li >
206- < li > cpy>globby>fast-glob>micromatch>extglob>expand-brackets>snapdragon>base>define-property>is-descriptor>is-data-descriptor>kind-of </ li >
207- < li > cpy>globby>fast-glob>micromatch>extglob>snapdragon>base>define-property>is-descriptor>is-data-descriptor>kind-of </ li >
208- < li > cpy>globby>fast-glob>micromatch>nanomatch>snapdragon>base>define-property>is-descriptor>is-data-descriptor>kind-of </ li >
209- < li > cpy>globby>fast-glob>micromatch>snapdragon>base>define-property>is-descriptor>is-data-descriptor>kind-of </ li >
210- < li > cpy>globby>fast-glob>micromatch>braces>snapdragon-node>define-property>is-descriptor>is-data-descriptor>kind-of </ li >
211- < li > cpy>globby>fast-glob>micromatch>braces>to-regex>define-property>is-descriptor>is-data-descriptor>kind-of </ li >
212- < li > cpy>globby>fast-glob>micromatch>extglob>expand-brackets>to-regex>define-property>is-descriptor>is-data-descriptor>kind-of </ li >
213- < li > cpy>globby>fast-glob>micromatch>extglob>to-regex>define-property>is-descriptor>is-data-descriptor>kind-of </ li >
214- < li > cpy>globby>fast-glob>micromatch>nanomatch>to-regex>define-property>is-descriptor>is-data-descriptor>kind-of </ li >
215- < li > cpy>globby>fast-glob>micromatch>to-regex>define-property>is-descriptor>is-data-descriptor>kind-of </ li >
216- < li > cpy>globby>fast-glob>micromatch>define-property>is-descriptor>is-data-descriptor>kind-of </ li >
217- < li > cpy>globby>fast-glob>micromatch>nanomatch>define-property>is-descriptor>is-data-descriptor>kind-of </ li >
218- < li > cpy>globby>fast-glob>micromatch>extglob>define-property>is-descriptor>is-data-descriptor>kind-of </ li >
219- < li > cpy>globby>fast-glob>micromatch>braces>snapdragon>base>define-property>is-descriptor>kind-of </ li >
220- < li > cpy>globby>fast-glob>micromatch>extglob>expand-brackets>snapdragon>base>define-property>is-descriptor>kind-of </ li >
221- < li > cpy>globby>fast-glob>micromatch>extglob>snapdragon>base>define-property>is-descriptor>kind-of </ li >
222- < li > cpy>globby>fast-glob>micromatch>nanomatch>snapdragon>base>define-property>is-descriptor>kind-of </ li >
223- < li > cpy>globby>fast-glob>micromatch>snapdragon>base>define-property>is-descriptor>kind-of </ li >
224- < li > cpy>globby>fast-glob>micromatch>braces>snapdragon-node>define-property>is-descriptor>kind-of </ li >
225- < li > cpy>globby>fast-glob>micromatch>braces>to-regex>define-property>is-descriptor>kind-of </ li >
226- < li > cpy>globby>fast-glob>micromatch>extglob>expand-brackets>to-regex>define-property>is-descriptor>kind-of </ li >
227- < li > cpy>globby>fast-glob>micromatch>extglob>to-regex>define-property>is-descriptor>kind-of </ li >
228- < li > cpy>globby>fast-glob>micromatch>nanomatch>to-regex>define-property>is-descriptor>kind-of </ li >
229- < li > cpy>globby>fast-glob>micromatch>to-regex>define-property>is-descriptor>kind-of </ li >
230- < li > cpy>globby>fast-glob>micromatch>define-property>is-descriptor>kind-of </ li >
231- < li > cpy>globby>fast-glob>micromatch>nanomatch>define-property>is-descriptor>kind-of </ li >
232- < li > cpy>globby>fast-glob>micromatch>extglob>define-property>is-descriptor>kind-of </ li >
233- < li > cpy>globby>fast-glob>micromatch>kind-of </ li >
234- < li > cpy>globby>fast-glob>micromatch>nanomatch>kind-of </ li >
235- </ ul >
236-
237- < h3 > Remediation</ h3 >
238- < p class ="card-text "> < p > Upgrade to versions 6.0.3 or later.</ p >
239- </ p >
240-
241- < h3 > References</ h3 >
242- < p class ="card-text "> < ul >
243- < li > < a href ="https://github.com/jonschlinkert/kind-of/issues/30 "> GitHub issue</ a > </ li >
244- </ ul >
245- </ p >
246-
247- </ div >
248- < div class ="modal-footer ">
249- < a class ="btn btn-raised mr-2 btn-primary " href ="https://npmjs.com/advisories/1490 " target ="_blank " rel ="noopener "> More about
250- this vulnerability</ a >
251- < button type ="button " class ="btn btn-raised btn-secondary " data-dismiss ="modal "> Close</ button >
252- </ div >
253- </ div >
254- </ div >
255- </ div >
256138
257139 < script src ="https://code.jquery.com/jquery-3.3.1.slim.min.js "
258140 integrity ="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo "
0 commit comments