Security Report: Project Vulnerabilities

[github-actions]

Last scan date

12/12/2023

Present Vulnerabilities

Vulnerability ID	PkgName	Title	Severity	Status	Fixed Version	Published Date	Affects	Links
CVE-2023-48223	fast-jwt	JWT Algorithm Confusion	MEDIUM	fixed	3.3.2	2023-11-20T18:15:00Z	frontend api provisioning	https://github.com/nearform/fast-jwt https://github.com/nearform/fast-jwt/blob/master/src/crypto.js#L29 nearform/fast-jwt@15a6e92 https://github.com/nearform/fast-jwt/releases/tag/v3.3.2 GHSA-c2ff-88x2-x9pg https://nvd.nist.gov/vuln/detail/CVE-2023-48223
CVE-2021-3803	nth-check	inefficient regular expression complexity	HIGH	fixed	2.0.1	2021-09-17T07:15:00Z	frontend	https://access.redhat.com/security/cve/CVE-2021-3803 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3803 GHSA-rp65-9cf3-cjxr https://github.com/fb55/nth-check fb55/nth-check@9894c1d https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726 (v2.0.1) https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0 https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0/ https://lists.debian.org/debian-lts-announce/2023/05/msg00023.html https://nvd.nist.gov/vuln/detail/CVE-2021-3803 https://ubuntu.com/security/notices/USN-6114-1 https://www.cve.org/CVERecord?id=CVE-2021-3803
CVE-2023-44270	postcss	An issue was discovered in PostCSS before 8.4.31. The vulnerability af ...	MEDIUM	fixed	8.4.31	2023-09-29T22:15:00Z	frontend api	GHSA-7fh5-64p2-3v2j contains no security impact github/advisory-database#2820 https://github.com/postcss/postcss https://github.com/postcss/postcss/blob/main/lib/tokenize.js#L25 postcss/postcss@58cc860 https://github.com/postcss/postcss/releases/tag/8.4.31 https://nvd.nist.gov/vuln/detail/CVE-2023-44270
CVE-2022-25883	semver	nodejs-semver: Regular expression denial of service	MEDIUM	fixed	7.5.2, 6.3.1, 5.7.2	2023-06-21T05:15:00Z	blockchain provisioning excel-export-service email-notification-service storage-service logging-service logging-service migration migration	https://access.redhat.com/errata/RHSA-2023:5363 https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/2216475 https://bugzilla.redhat.com/2230948 https://bugzilla.redhat.com/2230955 https://bugzilla.redhat.com/2230956 https://errata.almalinux.org/9/ALSA-2023-5363.html GHSA-c2qf-rxjj-qqgw https://github.com/npm/node-semver https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104 https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104 https://github.com/npm/node-semver/blob/main/internal/re.js#L138 https://github.com/npm/node-semver/blob/main/internal/re.js#L160 https://github.com/npm/node-semver/blob/main/internal/re.js%23L138 https://github.com/npm/node-semver/blob/main/internal/re.js%23L160 npm/node-semver@2f8fd41 npm/node-semver@717534e npm/node-semver@928e56d fix: better handling of whitespace npm/node-semver#564 fix: better handling of whitespace (backport to v5) npm/node-semver#585 chore: release 6.3.1 npm/node-semver#593 https://linux.oracle.com/cve/CVE-2022-25883.html https://linux.oracle.com/errata/ELSA-2023-5363.html https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://www.cve.org/CVERecord?id=CVE-2022-25883
CVE-2023-28155	@cypress/request	The Request package through 2.88.1 for Node.js allows a bypass of SSRF ...	MEDIUM	fixed	3.0.0	2023-03-16T15:15:00Z	e2e-test	https://doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf https://github.com/cypress-io/request/blob/master/lib/redirect.js#L116 cypress-io/request@c5bcf21 feat: Add allowInsecureRedirect option cypress-io/request#28 https://github.com/cypress-io/request/releases/tag/v3.0.0 [GHSA-p8p7-x288-28g6] Server-Side Request Forgery in Request github/advisory-database#2500 https://github.com/request/request https://github.com/request/request/blob/master/lib/redirect.js#L111 CVE-2023-28155 Request allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect request/request#3442 Ssrf fix request/request#3444 https://nvd.nist.gov/vuln/detail/CVE-2023-28155 https://security.netapp.com/advisory/ntap-20230413-0007/