Fix CVE–2023–26136 #18
An automation triggered a pipeline failure
Found 12 vulnerabilities. An additional 0 vulnerabilities have been marked as unaffected.
Output from Automations
7 rules were checked:
If a new dependency is added where the license risk is at least medium
then notify all users in the group admins by email
✔️ The rule did not trigger. Manage rule
If a dependency contains a vulnerability which has not been marked as unaffected and which has not triggered this rule for this dependency before
then notify all users in the group admins by email
✔️ The rule did not trigger. Manage rule
If there is a dependency where the license risk is at least high
then send a pipeline warning
✔️ The rule did not trigger. Manage rule
If there is a dependency
where contributor score is at least 80then fail pipeline
✔️ The rule did not trigger. Manage rule
If a dependency contains a vulnerability which has not been marked as unaffected
then send a pipeline warning
Vulnerability | CVSS2 | CVSS3 | Dependency | Dependency Licenses |
---|---|---|---|---|
CVE-2021-23383 | 7.5 | 9.8 | handlebars (npm) | MIT |
CVE-2021-23369 | 7.5 | 9.8 | handlebars (npm) | MIT |
CVE-2019-19919 | 7.5 | 9.8 | handlebars (npm) | MIT |
CVE-2019-20920 | 6.8 | 8.1 | handlebars (npm) | MIT |
CVE-2019-20922 | 7.8 | 7.5 | handlebars (npm) | MIT |
CVE-2022-3517 | N/A | 7.5 | minimatch (npm) | ISC |
CVE-2024-29041 | N/A | 6.1 | express (npm) | MIT |
debricked-149661 | N/A | N/A | handlebars (npm) | MIT |
debricked-149414 | N/A | N/A | handlebars (npm) | MIT |
debricked-149815 | N/A | N/A | handlebars (npm) | MIT |
debricked-149816 | N/A | N/A | handlebars (npm) | MIT |
debricked-149824 | N/A | N/A | handlebars (npm) | MIT |
If a dependency contains a vulnerability which has not been marked as unaffected
where CVSS is at least medium (4.0-6.9)then fail pipeline
❌ The rule triggered for the following vulnerabilities, causing a pipeline failure. Manage rule
Vulnerability | CVSS2 | CVSS3 | Dependency | Dependency Licenses |
---|---|---|---|---|
CVE-2021-23369 | 7.5 | 9.8 | handlebars (npm) | MIT |
CVE-2021-23383 | 7.5 | 9.8 | handlebars (npm) | MIT |
CVE-2019-19919 | 7.5 | 9.8 | handlebars (npm) | MIT |
CVE-2019-20920 | 6.8 | 8.1 | handlebars (npm) | MIT |
CVE-2019-20922 | 7.8 | 7.5 | handlebars (npm) | MIT |
CVE-2022-3517 | N/A | 7.5 | minimatch (npm) | ISC |
CVE-2024-29041 | N/A | 6.1 | express (npm) | MIT |
If there is a dependency
where popularity score is at most 70then fail pipeline
❌ The rule triggered for the following dependencies, causing a pipeline failure. Manage rule