feat(contracts): escrow-v2-general-escrow-event-update #1396
Security Report
The Security Check found 8 vulnerabilities.
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2023-26115: Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> @kleros/kleros-v2-web-0.2.0.tgz (Root Library) -> react-scripts-5.0.1.tgz -> jest-27.5.1.tgz -> core-27.5.1.tgz -> jest-config-27.5.1.tgz -> jest-environment-jsdom-27.5.1.tgz -> jsdom-16.7.0.tgz -> escodegen-2.0.0.tgz -> optionator-0.8.3.tgz -> ❌ word-wrap-1.2.3.tgz (Vulnerable Library) | High | 7.5 | word-wrap-1.2.3.tgz | Upgrade to version: word-wrap - 1.2.4 | #1185 |
CVE-2022-25883: Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> @kleros/kleros-v2-eslint-config-0.0.0.tgz (Root Library) -> eslint-plugin-node-11.1.0.tgz -> ❌ semver-6.3.0.tgz (Vulnerable Library) | High | 7.5 | semver-6.3.0.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | #985 |
CVE-2022-25883: Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> @kleros/kleros-v2-web-0.2.0.tgz (Root Library) -> client-0.0.5.tgz -> ipfs-car-0.7.0.tgz -> meow-9.0.0.tgz -> read-pkg-up-7.0.1.tgz -> read-pkg-5.2.0.tgz -> normalize-package-data-2.5.0.tgz -> ❌ semver-5.7.1.tgz (Vulnerable Library) | High | 7.5 | semver-5.7.1.tgz | Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 | #1185 |
CVE-2021-3803: Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> @kleros/kleros-v2-web-0.2.0.tgz (Root Library) -> react-scripts-5.0.1.tgz -> webpack-5.5.0.tgz -> plugin-svgo-5.5.0.tgz -> svgo-1.3.2.tgz -> css-select-2.1.0.tgz -> ❌ nth-check-1.0.2.tgz (Vulnerable Library) | High | 7.5 | nth-check-1.0.2.tgz | Upgrade to version: nth-check - v2.0.1 | #1185 |
CVE-2023-26159: Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> @kleros/kleros-v2-web-0.2.0.tgz (Root Library) -> react-scripts-5.0.1.tgz -> webpack-dev-server-4.15.1.tgz -> http-proxy-middleware-2.0.6.tgz -> http-proxy-1.18.1.tgz -> ❌ follow-redirects-1.15.2.tgz (Vulnerable Library) | High | 7.3 | follow-redirects-1.15.2.tgz | Upgrade to version: follow-redirects - 1.15.4 | #1185 |
CVE-2023-49082: Path to dependency file: /bot-pinner/requirements.txt; Path to vulnerable library: /bot-pinner/requirements.txt; Dependency Hierarchy: -> web3-6.13.0-py3-none-any.whl (Root Library) -> ❌ aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library) | Medium | 5.3 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl | Upgrade to version: aiohttp - 3.9.0 | #1384 |
CVE-2023-49081: Path to dependency file: /bot-pinner/requirements.txt; Path to vulnerable library: /bot-pinner/requirements.txt; Dependency Hierarchy: -> web3-6.13.0-py3-none-any.whl (Root Library) -> ❌ aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library) | Medium | 5.3 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl | Upgrade to version: aiohttp - 3.9.0 | #1384 |
CVE-2023-44270: Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> @kleros/kleros-v2-web-0.2.0.tgz (Root Library) -> react-scripts-5.0.1.tgz -> ❌ postcss-8.4.24.tgz (Vulnerable Library) | Medium | 5.3 | postcss-8.4.24.tgz | Upgrade to version: postcss - 8.4.31 | #1185 |
Total libraries scanned: 2098
Scan token: f5ff01fb3e5f484fa473b4367a64f2dc