Fix CVE-2023-26136 #1
An automation triggered a pipeline failure
Found 97 vulnerabilities. An additional 0 vulnerabilities have been marked as unaffected.
Output from Automations
5 rules were checked:
If a dependency contains a vulnerability which has not been marked as unaffected and which has not triggered this rule for this dependency before
then notify all users in the group admins by email
✔️ The rule did not trigger.
If a new dependency is added where the license risk is at least medium
then notify all users in the group admins by email
✔️ The rule did not trigger.
If there is a dependency where the license risk is at least high
then send a pipeline warning
✔️ The rule did not trigger.
If a dependency contains a vulnerability which has not been marked as unaffected
then send a pipeline warning

Vulnerability | CVSS2 | CVSS3 | Dependency | Dependency Licenses |
---|---|---|---|---|
CVE-2021-23383 | 7.5 | 9.8 | handlebars (npm) | Debricked Unknown License, MIT |
CVE-2017-16042 | 7.5 | 9.8 | growl (npm) | Debricked Unknown License, MIT |
CVE-2023-26136 | N/A | 9.8 | tough-cookie (npm) | BSD-3-Clause, CC0-1.0, MIT |
CVE-2018-16487 | 7.5 | 9.8 | lodash (npm) | MIT |
CVE-2021-3918 | 7.5 | 9.8 | json-schema (npm) | BSD-3-Clause |
CVE-2021-23369 | 7.5 | 9.8 | handlebars (npm) | Debricked Unknown License, MIT |
CVE-2020-7610 | 7.5 | 9.8 | bson (npm) | Apache-2.0, Debricked Unknown License |
CVE-2018-16492 | 7.5 | 9.8 | extend (npm) | Debricked Unknown License, MIT |
CVE-2021-23807 | 7.5 | 9.8 | jsonpointer (npm) | Debricked Unknown License, MIT |
CVE-2019-19919 | 7.5 | 9.8 | handlebars (npm) | Debricked Unknown License, MIT |
CVE-2019-10744 | 6.4 | 9.1 | lodash (npm) | MIT |
CVE-2021-42581 | 6.4 | 9.1 | ramda (npm) | MIT |
CVE-2018-3728 | 6.5 | 8.8 | hoek (npm) | BSD-3-Clause |
CVE-2021-37713 | 4.4 | 8.6 | tar (npm) | BSD-2-Clause, Debricked Unknown License, ISC |
CVE-2021-37712 | 4.4 | 8.6 | tar (npm) | BSD-2-Clause, Debricked Unknown License, ISC |
CVE-2021-37701 | 4.4 | 8.6 | tar (npm) | BSD-2-Clause, Debricked Unknown License, ISC |
CVE-2019-16776 | 5.5 | 8.1 | npm (npm) | Artistic-2.0, BSD-2-Clause, ISC |
CVE-2021-32804 | 5.8 | 8.1 | tar (npm) | BSD-2-Clause, Debricked Unknown License, ISC |
CVE-2019-20920 | 6.8 | 8.1 | handlebars (npm) | Debricked Unknown License, MIT |
CVE-2021-32803 | 5.8 | 8.1 | tar (npm) | BSD-2-Clause, Debricked Unknown License, ISC |
CVE-2018-7408 | 4.6 | 7.8 | npm (npm) | Artistic-2.0, BSD-2-Clause, ISC |
CVE-2015-8858 | 7.8 | 7.5 | uglify-js (npm) | BSD-2-Clause, Debricked Unknown License |
CVE-2017-16138 | 5 | 7.5 | mime (npm) | Debricked Unknown License, MIT |
CVE-2020-28469 | 5 | 7.5 | glob-parent (npm) | ISC |
CVE-2022-21803 | 5 | 7.5 | nconf (npm) | Debricked Unknown License, MIT |
CVE-2023-25345 | N/A | 7.5 | swig (npm) | Debricked Unknown License, MIT |
CVE-2019-13173 | 6.4 | 7.5 | fstream (npm) | BSD-2-Clause, Debricked Unknown License, ISC |
CVE-2017-18077 | 5 | 7.5 | brace-expansion (npm) | MIT |
CVE-2021-23343 | 5 | 7.5 | path-parse (npm) | MIT |
CVE-2018-3737 | 5 | 7.5 | sshpk (npm) | MIT |
CVE-2016-2537 | 5 | 7.5 | is-my-json-valid (npm) | MIT |
CVE-2016-10540 | 5 | 7.5 | minimatch (npm) | Debricked Unknown License, ISC, MIT |
CVE-2019-20922 | 7.8 | 7.5 | handlebars (npm) | Debricked Unknown License, MIT |
CVE-2021-33623 | 5 | 7.5 | trim-newlines (npm) | MIT |
CVE-2022-29167 | 5 | 7.5 | hawk (npm) | BSD-3-Clause |
CVE-2014-10064 | 5 | 7.5 | qs (npm) | BSD-3-Clause, Debricked Unknown License, MIT |
CVE-2022-25883 | N/A | 7.5 | semver (npm) | BSD-2-Clause, Debricked Unknown License, ISC, MIT |
CVE-2017-1000048 | 5 | 7.5 | qs (npm) | BSD-3-Clause, Debricked Unknown License, MIT |
CVE-2016-2515 | 7.8 | 7.5 | hawk (npm) | BSD-3-Clause |
CVE-2022-24999 | N/A | 7.5 | qs (npm) | BSD-3-Clause, Debricked Unknown License, MIT |
CVE-2020-7754 | 5 | 7.5 | npm-user-validate (npm) | BSD-2-Clause, Debricked Unknown License |
CVE-2018-20834 | 6.4 | 7.5 | tar (npm) | BSD-2-Clause, Debricked Unknown License, ISC |
CVE-2017-15010 | 5 | 7.5 | tough-cookie (npm) | BSD-3-Clause, CC0-1.0, MIT |
CVE-2022-21680 | 5 | 7.5 | marked (npm) | MIT |
CVE-2017-20165 | 2.7 | 7.5 | debug (npm) | Debricked Unknown License, MIT |
CVE-2022-21681 | 5 | 7.5 | marked (npm) | MIT |
CVE-2017-16114 | 5 | 7.5 | marked (npm) | MIT |
CVE-2022-3517 | N/A | 7.5 | minimatch (npm) | Debricked Unknown License, ISC, MIT |
CVE-2020-8203 | 5.8 | 7.4 | lodash (npm) | MIT |
CVE-2020-7774 | 7.5 | 7.3 | y18n (npm) | ISC |
CVE-2020-7788 | 7.5 | 7.3 | ini (npm) | Debricked Unknown License, ISC, MIT |
CVE-2021-23337 | 6.5 | 7.2 | lodash (npm) | MIT |
CVE-2021-23358 | 6.5 | 7.2 | underscore (npm) | MIT |
CVE-2022-0144 | 3.6 | 7.1 | shelljs (npm) | BSD-3-Clause, Debricked Unknown License |
CVE-2019-16775 | 4 | 6.5 | npm (npm) | Artistic-2.0, BSD-2-Clause, ISC |
CVE-2019-16777 | 5.5 | 6.5 | npm (npm) | Artistic-2.0, BSD-2-Clause, ISC |
CVE-2020-8244 | 6.4 | 6.5 | bl (npm) | MIT |
CVE-2019-1010266 | 4 | 6.5 | lodash (npm) | MIT |
CVE-2018-3721 | 4 | 6.5 | lodash (npm) | MIT |
CVE-2016-10531 | 4.3 | 6.1 | marked (npm) | MIT |
CVE-2023-28155 | N/A | 6.1 | request (npm) | Apache-2.0, Debricked Unknown License |
CVE-2017-1000427 | 4.3 | 6.1 | marked (npm) | MIT |
CVE-2023-28155 | N/A | 6.1 | @cypress/request (npm) | Apache-2.0 |
CVE-2017-16026 | 7.1 | 5.9 | request (npm) | Apache-2.0, Debricked Unknown License |
CVE-2018-1002204 | 4.3 | 5.5 | adm-zip (npm) | MIT |
CVE-2019-2391 | 5.5 | 5.4 | bson (npm) | Apache-2.0, Debricked Unknown License |
CVE-2016-1000232 | 5 | 5.3 | tough-cookie (npm) | BSD-3-Clause, CC0-1.0, MIT |
CVE-2021-23362 | 5 | 5.3 | hosted-git-info (npm) | ISC |
CVE-2017-16028 | 5 | 5.3 | randomatic (npm) | MIT |
CVE-2018-1107 | 5 | 5.3 | is-my-json-valid (npm) | MIT |
CVE-2023-0842 | N/A | 5.3 | xml2js (npm) | Debricked Unknown License, MIT |
CVE-2022-33987 | 5 | 5.3 | got (npm) | MIT |
CVE-2020-7608 | 4.6 | 5.3 | yargs-parser (npm) | ISC |
CVE-2017-20162 | 3.5 | 5.3 | ms (npm) | Debricked Unknown License, MIT |
CVE-2018-1109 | 5 | 5.3 | braces (npm) | MIT |
CVE-2017-16137 | 5 | 5.3 | debug (npm) | Debricked Unknown License, MIT |
CVE-2020-28500 | 5 | 5.3 | lodash (npm) | MIT |
CVE-2014-7191 | 5 | N/A | qs (npm) | BSD-3-Clause, Debricked Unknown License, MIT |
CVE-2020-15095 | 1.9 | 4.4 | npm (npm) | Artistic-2.0, BSD-2-Clause, ISC |
CVE-2017-18869 | 1.9 | 2.5 | chownr (npm) | ISC |
debricked-149511 | N/A | N/A | helmet-csp (npm) | MIT |
debricked-152368 | N/A | N/A | npm-user-validate (npm) | BSD-2-Clause, Debricked Unknown License |
debricked-97165 | N/A | N/A | lodash (npm) | MIT |
debricked-149495 | N/A | N/A | mongodb (npm) | Apache-2.0 |
debricked-149414 | N/A | N/A | handlebars (npm) | Debricked Unknown License, MIT |
debricked-149739 | N/A | N/A | yargs-parser (npm) | ISC |
debricked-180554 | N/A | N/A | shelljs (npm) | BSD-3-Clause, Debricked Unknown License |
debricked-149664 | N/A | N/A | stringstream (npm) | Debricked Unknown License, MIT |
debricked-149661 | N/A | N/A | handlebars (npm) | Debricked Unknown License, MIT |
debricked-149815 | N/A | N/A | handlebars (npm) | Debricked Unknown License, MIT |
debricked-149816 | N/A | N/A | handlebars (npm) | Debricked Unknown License, MIT |
debricked-149712 | N/A | N/A | tunnel-agent (npm) | Apache-2.0 |
debricked-149824 | N/A | N/A | handlebars (npm) | Debricked Unknown License, MIT |
debricked-149688 | N/A | N/A | braces (npm) | MIT |
debricked-160896 | N/A | N/A | diff (npm) | BSD-3-Clause |
debricked-155741 | N/A | N/A | ini (npm) | Debricked Unknown License, ISC, MIT |
debricked-149694 | N/A | N/A | js-yaml (npm) | MIT |
debricked-149699 | N/A | N/A | js-yaml (npm) | MIT |
If there is a dependency which is licensed under MIT
then fail pipeline
❌ The rule triggered for the following dependencies, causing a pipeline failure.
[Output was too long for GitHub]