Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency geoip-lite to v1.4.3 (develop) - autoclosed #859

Update dependency geoip-lite to v1.4.3

a1d33e5
Select commit
Loading
Failed to load commit list.
Closed

Update dependency geoip-lite to v1.4.3 (develop) - autoclosed #859

Update dependency geoip-lite to v1.4.3
a1d33e5
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / WhiteSource Security Check failed Apr 30, 2024 in 21m 16s

Security Report

❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

general

https://vonagecc.jfrog.io/artifactory

Step Level Description Details
Checking registry connectivity ⚠Warn Unsupported configuration was provided Unsupported registry hostType gradle, skipped

https://vonagecc.jfrog.io/artifactory/maven

Step Level Description Details
Checking registry connectivity ⚠Warn Unsupported configuration was provided Unsupported registry hostType gradle, skipped

The Security Check found 50 vulnerabilities.

CVE Severity CVSS Score Exploit Maturity EPSS Vulnerable Library Suggested Fix Issue Reachability
CVE-2023-26136

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/tough-cookie/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> request-2.88.2.tgz

     -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.1% tough-cookie-2.5.0.tgz Upgrade to version: tough-cookie - 4.1.3 #794

Reachable

CVE-2021-3918

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/json-schema/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> request-2.88.2.tgz

     -> http-signature-1.2.0.tgz

       -> jsprim-1.4.1.tgz

         -> ❌ json-schema-0.2.3.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.4% json-schema-0.2.3.tgz Upgrade to version: json-schema - 0.4.0 #794

Reachable

CVE-2022-23539

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> ❌ jsonwebtoken-8.5.1.tgz (Vulnerable Library)

High 8.1 Not Defined 0.1% jsonwebtoken-8.5.1.tgz Upgrade to version: jsonwebtoken - 9.0.0 #794

Reachable

CVE-2022-23540

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> ❌ jsonwebtoken-8.5.1.tgz (Vulnerable Library)

High 7.6 Not Defined 0.1% jsonwebtoken-8.5.1.tgz Upgrade to version: jsonwebtoken - 9.0.0 #794

Reachable

CVE-2022-3517

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/minimatch/package.json

Dependency Hierarchy:

-> grunt-1.3.0.tgz (Root Library)

   -> ❌ minimatch-3.0.4.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% minimatch-3.0.4.tgz Upgrade to version: minimatch - 3.0.5 #788

Reachable

CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/semver/package.json

Dependency Hierarchy:

-> grunt-html-build-0.7.1.tgz (Root Library)

   -> js-beautify-1.13.0.tgz

     -> editorconfig-0.15.3.tgz

       -> ❌ semver-5.7.1.tgz (Vulnerable Library)

High 7.5 Not Defined 0.1% semver-5.7.1.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 #795

Reachable

CVE-2022-24999

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/qs/package.json

Dependency Hierarchy:

-> ❌ qs-6.9.4.tgz (Vulnerable Library)

High 7.5 Not Defined 0.9% qs-6.9.4.tgz Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 #829

Reachable

CVE-2022-24999

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/body-parser/node_modules/qs/package.json,/node_modules/express/node_modules/qs/package.json

Dependency Hierarchy:

-> express-4.17.1.tgz (Root Library)

   -> ❌ qs-6.7.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.9% qs-6.7.0.tgz Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 #828

Reachable

CVE-2022-24999

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/request/node_modules/qs/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> request-2.88.2.tgz

     -> ❌ qs-6.5.2.tgz (Vulnerable Library)

High 7.5 Not Defined 0.9% qs-6.5.2.tgz Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 #794

Reachable

CVE-2022-24772

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-forge/package.json

Dependency Hierarchy:

-> google-auth-library-6.1.3.tgz (Root Library)

   -> gtoken-5.1.0.tgz

     -> google-p12-pem-3.0.3.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.1% node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.3.0 #787

Reachable

CVE-2022-24771

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-forge/package.json

Dependency Hierarchy:

-> google-auth-library-6.1.3.tgz (Root Library)

   -> gtoken-5.1.0.tgz

     -> google-p12-pem-3.0.3.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.1% node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.3.0 #787

Reachable

CVE-2022-24434

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/dicer/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> multer-1.4.2.tgz

     -> busboy-0.2.14.tgz

       -> ❌ dicer-0.2.5.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% dicer-0.2.5.tgz #786

Reachable

WS-2018-0590

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/diff/package.json

Dependency Hierarchy:

-> grunt-autoprefixer-3.0.4.tgz (Root Library)

   -> ❌ diff-1.3.2.tgz (Vulnerable Library)

High 7.1 Not Defined diff-1.3.2.tgz Upgrade to version: 3.5.0 #789

Reachable

WS-2022-0008

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-forge/package.json

Dependency Hierarchy:

-> google-auth-library-6.1.3.tgz (Root Library)

   -> gtoken-5.1.0.tgz

     -> google-p12-pem-3.0.3.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

Medium 6.6 Not Defined node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.0.0 #787

Reachable

CVE-2024-28849

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/follow-redirects/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.0% follow-redirects-1.13.0.tgz Upgrade to version: follow-redirects - 1.15.6 #786

Reachable

CVE-2022-0155

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/follow-redirects/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.1% follow-redirects-1.13.0.tgz Upgrade to version: follow-redirects - v1.14.7 #786

Reachable

CVE-2022-23541

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> ❌ jsonwebtoken-8.5.1.tgz (Vulnerable Library)

Medium 6.3 Not Defined 0.1% jsonwebtoken-8.5.1.tgz Upgrade to version: jsonwebtoken - 9.0.0 #794

Reachable

CVE-2024-29041

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/express/package.json

Dependency Hierarchy:

-> ❌ express-4.17.1.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.0% express-4.17.1.tgz Upgrade to version: express - 4.19.0 #828

Reachable

CVE-2023-28155

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/request/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> ❌ request-2.88.2.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.1% request-2.88.2.tgz Upgrade to version: @cypress/request - 3.0.0 #794

Reachable

CVE-2023-26159

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/follow-redirects/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.1% follow-redirects-1.13.0.tgz Upgrade to version: follow-redirects - 1.15.4 #786

Reachable

CVE-2022-0235

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-fetch/package.json

Dependency Hierarchy:

-> google-auth-library-6.1.3.tgz (Root Library)

   -> gaxios-4.0.1.tgz

     -> ❌ node-fetch-2.6.1.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.4% node-fetch-2.6.1.tgz Upgrade to version: node-fetch - 2.6.7,3.1.1 #787

Reachable

CVE-2022-0122

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-forge/package.json

Dependency Hierarchy:

-> google-auth-library-6.1.3.tgz (Root Library)

   -> gtoken-5.1.0.tgz

     -> google-p12-pem-3.0.3.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.1% node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.0.0 #787

Reachable

CVE-2022-0536

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/follow-redirects/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library)

Medium 5.9 Not Defined 0.1% follow-redirects-1.13.0.tgz Upgrade to version: follow-redirects - 1.14.8 #786

Reachable

CVE-2023-0842

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/xml2js/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ xml2js-0.4.23.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.1% xml2js-0.4.23.tgz Upgrade to version: xml2js - 0.5.0 #786

Reachable

CVE-2022-24773

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-forge/package.json

Dependency Hierarchy:

-> google-auth-library-6.1.3.tgz (Root Library)

   -> gtoken-5.1.0.tgz

     -> google-p12-pem-3.0.3.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.1% node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.3.0 #787

Reachable

WS-2021-0153

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/ejs/package.json

Dependency Hierarchy:

-> ❌ ejs-3.1.5.tgz (Vulnerable Library)

Critical 9.8 Not Defined ejs-3.1.5.tgz Upgrade to version: ejs - 3.1.6 #797

Unreachable

CVE-2022-37602

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-karma/package.json

Dependency Hierarchy:

-> ❌ grunt-karma-4.0.0.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.2% grunt-karma-4.0.0.tgz #817

Unreachable

CVE-2022-29078

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/ejs/package.json

Dependency Hierarchy:

-> ❌ ejs-3.1.5.tgz (Vulnerable Library)

Critical 9.8 Not Defined 42.5% ejs-3.1.5.tgz Upgrade to version: ejs - v3.1.7 #797

Unreachable

CVE-2021-44906

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/minimist/package.json

Dependency Hierarchy:

-> grunt-contrib-compress-1.6.0.tgz (Root Library)

   -> iltorb-2.4.5.tgz

     -> prebuild-install-5.3.6.tgz

       -> ❌ minimist-1.2.5.tgz (Vulnerable Library)

Critical 9.8 Not Defined 1.2% minimist-1.2.5.tgz Upgrade to version: minimist - 0.2.4,1.2.6 #792

Unreachable

CVE-2020-28282

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/getobject/package.json

Dependency Hierarchy:

-> grunt-1.3.0.tgz (Root Library)

   -> grunt-legacy-util-2.0.0.tgz

     -> ❌ getobject-0.1.0.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.70000005% getobject-0.1.0.tgz Upgrade to version: getobject - 1.0.0 #788

Unreachable

CVE-2019-10744

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

Critical 9.1 Not Defined 1.5% lodash-0.10.0.tgz Upgrade to version: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0 #796

Unreachable

CVE-2021-43138

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-contrib-connect/node_modules/async/package.json

Dependency Hierarchy:

-> grunt-contrib-connect-3.0.0.tgz (Root Library)

   -> ❌ async-3.2.0.tgz (Vulnerable Library)

High 7.8 Not Defined 0.1% async-3.2.0.tgz Upgrade to version: async - 2.6.4,3.2.2 #799

Unreachable

CVE-2021-43138

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/portscanner/node_modules/async/package.json,/node_modules/grunt-contrib-clean/node_modules/async/package.json,/node_modules/geoip-lite/node_modules/async/package.json,/node_modules/archiver/node_modules/async/package.json,/node_modules/grunt-bower-task/node_modules/async/package.json,/node_modules/grunt-contrib-less/node_modules/async/package.json,/node_modules/grunt-contrib-watch/node_modules/async/package.json

Dependency Hierarchy:

-> grunt-contrib-less-2.0.0.tgz (Root Library)

   -> ❌ async-2.6.3.tgz (Vulnerable Library)

High 7.8 Not Defined 0.1% async-2.6.3.tgz Upgrade to version: async - 2.6.4,3.2.2 None

Unreachable

CVE-2022-38900

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/decode-uri-component/package.json

Dependency Hierarchy:

-> grunt-cli-1.3.2.tgz (Root Library)

   -> liftoff-2.5.0.tgz

     -> findup-sync-2.0.0.tgz

       -> micromatch-3.1.10.tgz

         -> snapdragon-0.8.2.tgz

           -> source-map-resolve-0.5.3.tgz

             -> ❌ decode-uri-component-0.2.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% decode-uri-component-0.2.0.tgz Upgrade to version: decode-uri-component - 0.2.1 #798

Unreachable

CVE-2022-25858

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/terser/package.json

Dependency Hierarchy:

-> grunt-terser-1.0.0.tgz (Root Library)

   -> ❌ terser-4.8.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% terser-4.8.0.tgz Upgrade to version: terser - 4.8.1,5.14.2 #813

Unreachable

CVE-2022-0355

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/simple-get/package.json

Dependency Hierarchy:

-> grunt-contrib-compress-1.6.0.tgz (Root Library)

   -> iltorb-2.4.5.tgz

     -> prebuild-install-5.3.6.tgz

       -> ❌ simple-get-3.1.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% simple-get-3.1.0.tgz Upgrade to version: simple-get - 4.0.1 #792

Unreachable

CVE-2021-23382

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/postcss/package.json

Dependency Hierarchy:

-> grunt-autoprefixer-3.0.4.tgz (Root Library)

   -> ❌ postcss-4.1.16.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% postcss-4.1.16.tgz Upgrade to version: postcss - 8.2.13 #789

Unreachable

CVE-2017-20165

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-rest-client/node_modules/debug/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ debug-2.2.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.6% debug-2.2.0.tgz Upgrade to version: debug - 2.6.9,3.1.0 #786

Unreachable

CVE-2020-8203

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

High 7.4 Not Defined 1.0% lodash-0.10.0.tgz Upgrade to version: lodash - 4.17.19 #796

Unreachable

CVE-2021-23337

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/async/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> async-2.6.3.tgz

     -> ❌ lodash-4.17.20.tgz (Vulnerable Library)

High 7.2 Not Defined 0.6% lodash-4.17.20.tgz Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 #796

Unreachable

CVE-2021-23337

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

High 7.2 Not Defined 0.6% lodash-0.10.0.tgz Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 #796

Unreachable

CVE-2022-1537

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt/package.json

Dependency Hierarchy:

-> ❌ grunt-1.3.0.tgz (Vulnerable Library)

High 7.0 Not Defined 0.0% grunt-1.3.0.tgz Upgrade to version: grunt - v1.5.3 #788

Unreachable

CVE-2019-1010266

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.3% lodash-0.10.0.tgz Upgrade to version: lodash-4.17.11 #796

Unreachable

CVE-2018-3721

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.1% lodash-0.10.0.tgz Upgrade to version: lodash 4.17.5 #796

Unreachable

CVE-2018-16487

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

Medium 5.6 Not Defined 0.1% lodash-0.10.0.tgz Upgrade to version: lodash 4.17.11 #796

Unreachable

CVE-2022-0436

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt/package.json

Dependency Hierarchy:

-> ❌ grunt-1.3.0.tgz (Vulnerable Library)

Medium 5.5 Not Defined 0.0% grunt-1.3.0.tgz Upgrade to version: grunt - 1.5.1 #788

Unreachable

CVE-2017-20162

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-rest-client/node_modules/ms/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> debug-2.2.0.tgz

       -> ❌ ms-0.7.1.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.1% ms-0.7.1.tgz Upgrade to version: ms - 2.0.0 #786

Unreachable

CVE-2017-16137

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-rest-client/node_modules/debug/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ debug-2.2.0.tgz (Vulnerable Library)

Low 3.7 Not Defined 0.3% debug-2.2.0.tgz Upgrade to version: debug - 2.6.9,3.1.0,3.2.7,4.3.1 #786

Unreachable

CVE-2020-28500

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.2% lodash-0.10.0.tgz Upgrade to version: lodash - 4.17.21 #796
CVE-2020-28500

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/async/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> async-2.6.3.tgz

     -> ❌ lodash-4.17.20.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.2% lodash-4.17.20.tgz Upgrade to version: lodash - 4.17.21 #796

Total libraries scanned: 594
Scan token: 818fb924125149caa7dd2da9b1150b4d