mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-25 06:35:54 -05:00
344 lines
14 KiB
Plaintext
344 lines
14 KiB
Plaintext
# npm audit report
|
|
|
|
braces <=2.3.2
|
|
Severity: high
|
|
Regular Expression Denial of Service in braces - https://github.com/advisories/GHSA-g95f-p29q-9xw4
|
|
Depends on vulnerable versions of snapdragon
|
|
fix available via `npm audit fix`
|
|
node_modules/braces
|
|
node_modules/readdirp/node_modules/braces
|
|
micromatch 0.2.0 - 3.1.10
|
|
Depends on vulnerable versions of braces
|
|
Depends on vulnerable versions of parse-glob
|
|
Depends on vulnerable versions of snapdragon
|
|
node_modules/micromatch
|
|
node_modules/readdirp/node_modules/micromatch
|
|
anymatch 1.2.0 - 1.3.2
|
|
Depends on vulnerable versions of micromatch
|
|
node_modules/anymatch
|
|
chokidar 1.0.0-rc1 - 2.1.8
|
|
Depends on vulnerable versions of anymatch
|
|
Depends on vulnerable versions of glob-parent
|
|
node_modules/chokidar
|
|
babel-cli *
|
|
Depends on vulnerable versions of chokidar
|
|
node_modules/babel-cli
|
|
minify-js *
|
|
Depends on vulnerable versions of babel-cli
|
|
Depends on vulnerable versions of utils-igor
|
|
node_modules/dir_cache/node_modules/minify-js
|
|
node_modules/minify-js
|
|
node_modules/utils-igor/node_modules/minify-js
|
|
dir_cache >=1.0.2
|
|
Depends on vulnerable versions of minify-js
|
|
node_modules/dir_cache
|
|
utils-igor >=2.0.0
|
|
Depends on vulnerable versions of minify-js
|
|
node_modules/dir_cache/node_modules/minify-js/node_modules/utils-igor
|
|
node_modules/utils-igor
|
|
readdirp 2.2.0 - 2.2.1
|
|
Depends on vulnerable versions of micromatch
|
|
node_modules/readdirp
|
|
|
|
deep-extend <0.5.1
|
|
Severity: critical
|
|
Prototype Pollution in deep-extend - https://github.com/advisories/GHSA-hr2v-3952-633q
|
|
fix available via `npm audit fix`
|
|
node_modules/deep-extend
|
|
column-layout >=1.3.0
|
|
Depends on vulnerable versions of command-line-args
|
|
Depends on vulnerable versions of deep-extend
|
|
node_modules/column-layout
|
|
command-line-usage 2.0.0 - 3.0.8
|
|
Depends on vulnerable versions of column-layout
|
|
Depends on vulnerable versions of table-layout
|
|
node_modules/column-layout/node_modules/command-line-usage
|
|
node_modules/command-line-usage
|
|
node_modules/jsdoc-parse/node_modules/command-line-usage
|
|
cli-commands <=0.1.0
|
|
Depends on vulnerable versions of command-line-usage
|
|
node_modules/cli-commands
|
|
usage-stats 0.8.0 - 0.8.6
|
|
Depends on vulnerable versions of cli-commands
|
|
node_modules/usage-stats
|
|
app-usage-stats 0.4.0 - 0.5.0
|
|
Depends on vulnerable versions of usage-stats
|
|
node_modules/app-usage-stats
|
|
jsdoc2md-stats 1.0.6 - 2.0.0
|
|
Depends on vulnerable versions of app-usage-stats
|
|
node_modules/jsdoc2md-stats
|
|
command-line-args 2.1.0 - 2.1.6
|
|
Depends on vulnerable versions of command-line-usage
|
|
node_modules/column-layout/node_modules/command-line-args
|
|
node_modules/jsdoc-parse/node_modules/command-line-args
|
|
jsdoc-parse 0.2.5 - 2.0.0
|
|
Depends on vulnerable versions of command-line-args
|
|
Depends on vulnerable versions of file-set
|
|
Depends on vulnerable versions of jsdoc-api
|
|
node_modules/jsdoc-parse
|
|
jsdoc-to-markdown 0.6.0 - 0.6.4 || 1.3.1 - 2.0.0-alpha.23
|
|
Depends on vulnerable versions of command-line-usage
|
|
Depends on vulnerable versions of dmd
|
|
Depends on vulnerable versions of jsdoc-parse
|
|
node_modules/jsdoc-to-markdown
|
|
grunt-jsdoc-to-markdown 0.5.0 - 0.5.1 || 1.2.0 - 1.2.1
|
|
Depends on vulnerable versions of jsdoc-to-markdown
|
|
node_modules/grunt-jsdoc-to-markdown
|
|
command-line-tool 0.3.0 - 0.6.4
|
|
Depends on vulnerable versions of command-line-usage
|
|
node_modules/command-line-tool
|
|
dmd 0.3.23 - 2.0.1
|
|
Depends on vulnerable versions of command-line-tool
|
|
Depends on vulnerable versions of ddata
|
|
Depends on vulnerable versions of stream-handlebars
|
|
node_modules/dmd
|
|
table-layout <=0.4.0
|
|
Depends on vulnerable versions of deep-extend
|
|
node_modules/table-layout
|
|
|
|
glob-parent <5.1.2
|
|
Severity: high
|
|
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
|
|
fix available via `npm audit fix`
|
|
node_modules/glob-parent
|
|
chokidar 1.0.0-rc1 - 2.1.8
|
|
Depends on vulnerable versions of anymatch
|
|
Depends on vulnerable versions of glob-parent
|
|
node_modules/chokidar
|
|
babel-cli *
|
|
Depends on vulnerable versions of chokidar
|
|
node_modules/babel-cli
|
|
minify-js *
|
|
Depends on vulnerable versions of babel-cli
|
|
Depends on vulnerable versions of utils-igor
|
|
node_modules/dir_cache/node_modules/minify-js
|
|
node_modules/minify-js
|
|
node_modules/utils-igor/node_modules/minify-js
|
|
dir_cache >=1.0.2
|
|
Depends on vulnerable versions of minify-js
|
|
node_modules/dir_cache
|
|
utils-igor >=2.0.0
|
|
Depends on vulnerable versions of minify-js
|
|
node_modules/dir_cache/node_modules/minify-js/node_modules/utils-igor
|
|
node_modules/utils-igor
|
|
glob-base *
|
|
Depends on vulnerable versions of glob-parent
|
|
node_modules/glob-base
|
|
parse-glob >=2.1.0
|
|
Depends on vulnerable versions of glob-base
|
|
node_modules/parse-glob
|
|
micromatch 0.2.0 - 3.1.10
|
|
Depends on vulnerable versions of braces
|
|
Depends on vulnerable versions of parse-glob
|
|
Depends on vulnerable versions of snapdragon
|
|
node_modules/micromatch
|
|
node_modules/readdirp/node_modules/micromatch
|
|
anymatch 1.2.0 - 1.3.2
|
|
Depends on vulnerable versions of micromatch
|
|
node_modules/anymatch
|
|
readdirp 2.2.0 - 2.2.1
|
|
Depends on vulnerable versions of micromatch
|
|
node_modules/readdirp
|
|
|
|
handlebars <=4.7.6
|
|
Severity: critical
|
|
Remote code execution in handlebars when compiling templates - https://github.com/advisories/GHSA-f2jv-r9rf-7988
|
|
Prototype Pollution in handlebars - https://github.com/advisories/GHSA-w457-6q6x-cgp9
|
|
Cross-Site Scripting in handlebars - https://github.com/advisories/GHSA-9prh-257w-9277
|
|
Depends on vulnerable versions of optimist
|
|
fix available via `npm audit fix`
|
|
node_modules/ddata/node_modules/handlebars
|
|
node_modules/stream-handlebars/node_modules/handlebars
|
|
ddata >=0.1.18
|
|
Depends on vulnerable versions of handlebars
|
|
node_modules/ddata
|
|
dmd 0.3.23 - 2.0.1
|
|
Depends on vulnerable versions of command-line-tool
|
|
Depends on vulnerable versions of ddata
|
|
Depends on vulnerable versions of stream-handlebars
|
|
node_modules/dmd
|
|
jsdoc-to-markdown 0.6.0 - 0.6.4 || 1.3.1 - 2.0.0-alpha.23
|
|
Depends on vulnerable versions of command-line-usage
|
|
Depends on vulnerable versions of dmd
|
|
Depends on vulnerable versions of jsdoc-parse
|
|
node_modules/jsdoc-to-markdown
|
|
grunt-jsdoc-to-markdown 0.5.0 - 0.5.1 || 1.2.0 - 1.2.1
|
|
Depends on vulnerable versions of jsdoc-to-markdown
|
|
node_modules/grunt-jsdoc-to-markdown
|
|
stream-handlebars <=0.1.6
|
|
Depends on vulnerable versions of handlebars
|
|
node_modules/stream-handlebars
|
|
|
|
minimatch <3.0.2
|
|
Severity: high
|
|
Regular Expression Denial of Service in minimatch - https://github.com/advisories/GHSA-hxm2-r34f-qmc5
|
|
fix available via `npm audit fix`
|
|
node_modules/jsdoc-parse/node_modules/minimatch
|
|
glob 3.0.0 - 5.0.14
|
|
Depends on vulnerable versions of minimatch
|
|
node_modules/jsdoc-parse/node_modules/glob
|
|
file-set <=0.2.8
|
|
Depends on vulnerable versions of glob
|
|
node_modules/jsdoc-parse/node_modules/file-set
|
|
jsdoc-parse 0.2.5 - 2.0.0
|
|
Depends on vulnerable versions of command-line-args
|
|
Depends on vulnerable versions of file-set
|
|
Depends on vulnerable versions of jsdoc-api
|
|
node_modules/jsdoc-parse
|
|
jsdoc-to-markdown 0.6.0 - 0.6.4 || 1.3.1 - 2.0.0-alpha.23
|
|
Depends on vulnerable versions of command-line-usage
|
|
Depends on vulnerable versions of dmd
|
|
Depends on vulnerable versions of jsdoc-parse
|
|
node_modules/jsdoc-to-markdown
|
|
grunt-jsdoc-to-markdown 0.5.0 - 0.5.1 || 1.2.0 - 1.2.1
|
|
Depends on vulnerable versions of jsdoc-to-markdown
|
|
node_modules/grunt-jsdoc-to-markdown
|
|
|
|
minimist <0.2.1
|
|
Severity: moderate
|
|
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
|
|
fix available via `npm audit fix`
|
|
node_modules/optimist/node_modules/minimist
|
|
optimist >=0.6.0
|
|
Depends on vulnerable versions of minimist
|
|
node_modules/optimist
|
|
handlebars <=4.7.6
|
|
Depends on vulnerable versions of optimist
|
|
node_modules/ddata/node_modules/handlebars
|
|
node_modules/stream-handlebars/node_modules/handlebars
|
|
ddata >=0.1.18
|
|
Depends on vulnerable versions of handlebars
|
|
node_modules/ddata
|
|
dmd 0.3.23 - 2.0.1
|
|
Depends on vulnerable versions of command-line-tool
|
|
Depends on vulnerable versions of ddata
|
|
Depends on vulnerable versions of stream-handlebars
|
|
node_modules/dmd
|
|
jsdoc-to-markdown 0.6.0 - 0.6.4 || 1.3.1 - 2.0.0-alpha.23
|
|
Depends on vulnerable versions of command-line-usage
|
|
Depends on vulnerable versions of dmd
|
|
Depends on vulnerable versions of jsdoc-parse
|
|
node_modules/jsdoc-to-markdown
|
|
grunt-jsdoc-to-markdown 0.5.0 - 0.5.1 || 1.2.0 - 1.2.1
|
|
Depends on vulnerable versions of jsdoc-to-markdown
|
|
node_modules/grunt-jsdoc-to-markdown
|
|
stream-handlebars <=0.1.6
|
|
Depends on vulnerable versions of handlebars
|
|
node_modules/stream-handlebars
|
|
node-windows >=0.1.5
|
|
Depends on vulnerable versions of optimist
|
|
node_modules/node-windows
|
|
|
|
nedb *
|
|
Severity: high
|
|
Prototype Pollution - https://github.com/advisories/GHSA-339j-hqgx-qrrx
|
|
Depends on vulnerable versions of binary-search-tree
|
|
Depends on vulnerable versions of underscore
|
|
No fix available
|
|
node_modules/nedb
|
|
|
|
set-value <4.0.1
|
|
Severity: high
|
|
Prototype Pollution in set-value - https://github.com/advisories/GHSA-4jqc-8m5r-9rpr
|
|
fix available via `npm audit fix`
|
|
node_modules/set-value
|
|
cache-base >=0.7.0
|
|
Depends on vulnerable versions of set-value
|
|
Depends on vulnerable versions of union-value
|
|
node_modules/cache-base
|
|
base >=0.7.0
|
|
Depends on vulnerable versions of cache-base
|
|
node_modules/base
|
|
snapdragon 0.6.0 - 0.10.1
|
|
Depends on vulnerable versions of base
|
|
node_modules/snapdragon
|
|
braces <=2.3.2
|
|
Depends on vulnerable versions of snapdragon
|
|
node_modules/braces
|
|
node_modules/readdirp/node_modules/braces
|
|
micromatch 0.2.0 - 3.1.10
|
|
Depends on vulnerable versions of braces
|
|
Depends on vulnerable versions of parse-glob
|
|
Depends on vulnerable versions of snapdragon
|
|
node_modules/micromatch
|
|
node_modules/readdirp/node_modules/micromatch
|
|
anymatch 1.2.0 - 1.3.2
|
|
Depends on vulnerable versions of micromatch
|
|
node_modules/anymatch
|
|
chokidar 1.0.0-rc1 - 2.1.8
|
|
Depends on vulnerable versions of anymatch
|
|
Depends on vulnerable versions of glob-parent
|
|
node_modules/chokidar
|
|
babel-cli *
|
|
Depends on vulnerable versions of chokidar
|
|
node_modules/babel-cli
|
|
minify-js *
|
|
Depends on vulnerable versions of babel-cli
|
|
Depends on vulnerable versions of utils-igor
|
|
node_modules/dir_cache/node_modules/minify-js
|
|
node_modules/minify-js
|
|
node_modules/utils-igor/node_modules/minify-js
|
|
dir_cache >=1.0.2
|
|
Depends on vulnerable versions of minify-js
|
|
node_modules/dir_cache
|
|
utils-igor >=2.0.0
|
|
Depends on vulnerable versions of minify-js
|
|
node_modules/dir_cache/node_modules/minify-js/node_modules/utils-igor
|
|
node_modules/utils-igor
|
|
readdirp 2.2.0 - 2.2.1
|
|
Depends on vulnerable versions of micromatch
|
|
node_modules/readdirp
|
|
expand-brackets 1.0.0 - 2.1.4
|
|
Depends on vulnerable versions of snapdragon
|
|
node_modules/readdirp/node_modules/expand-brackets
|
|
extglob 1.0.0 - 2.0.4
|
|
Depends on vulnerable versions of snapdragon
|
|
node_modules/readdirp/node_modules/extglob
|
|
nanomatch >=0.1.1
|
|
Depends on vulnerable versions of snapdragon
|
|
node_modules/nanomatch
|
|
union-value *
|
|
Depends on vulnerable versions of set-value
|
|
node_modules/union-value
|
|
|
|
underscore 1.3.2 - 1.12.0
|
|
Severity: high
|
|
Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
|
|
No fix available
|
|
node_modules/jsdoc-75lb/node_modules/underscore
|
|
node_modules/underscore
|
|
binary-search-tree *
|
|
Depends on vulnerable versions of underscore
|
|
node_modules/binary-search-tree
|
|
nedb *
|
|
Depends on vulnerable versions of binary-search-tree
|
|
Depends on vulnerable versions of underscore
|
|
node_modules/nedb
|
|
jsdoc-75lb *
|
|
Depends on vulnerable versions of underscore
|
|
node_modules/jsdoc-75lb
|
|
jsdoc-api 0.1.0 - 3.0.0
|
|
Depends on vulnerable versions of jsdoc-75lb
|
|
node_modules/jsdoc-api
|
|
jsdoc-parse 0.2.5 - 2.0.0
|
|
Depends on vulnerable versions of command-line-args
|
|
Depends on vulnerable versions of file-set
|
|
Depends on vulnerable versions of jsdoc-api
|
|
node_modules/jsdoc-parse
|
|
jsdoc-to-markdown 0.6.0 - 0.6.4 || 1.3.1 - 2.0.0-alpha.23
|
|
Depends on vulnerable versions of command-line-usage
|
|
Depends on vulnerable versions of dmd
|
|
Depends on vulnerable versions of jsdoc-parse
|
|
node_modules/jsdoc-to-markdown
|
|
grunt-jsdoc-to-markdown 0.5.0 - 0.5.1 || 1.2.0 - 1.2.1
|
|
Depends on vulnerable versions of jsdoc-to-markdown
|
|
node_modules/grunt-jsdoc-to-markdown
|
|
|
|
48 vulnerabilities (1 low, 3 moderate, 27 high, 17 critical)
|
|
|
|
To address issues that do not require attention, run:
|
|
npm audit fix
|
|
|
|
Some issues need review, and may require choosing
|
|
a different dependency.
|