[Snyk] Fix for 1 vulnerabilities #158
Security Report
You have successfully remediated 22 vulnerabilities, but introduced 11 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2020-36327: Path to vulnerable library: /vendor/bundle/ruby/3.2.0/cache/bundler-2.0.1.gem; Dependency Hierarchy: -> ❌ bundler-2.0.1.gem (Vulnerable Library) | High | 8.8 | bundler-2.0.1.gem | Upgrade to version: bundler - 2.2.10 | None |
CVE-2019-3881: Path to vulnerable library: /vendor/bundle/ruby/3.2.0/cache/bundler-2.0.1.gem; Dependency Hierarchy: -> ❌ bundler-2.0.1.gem (Vulnerable Library) | High | 7.8 | bundler-2.0.1.gem | Upgrade to version: v2.1.0.pre.3 | None |
CVE-2024-4068: Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> browser-sync-2.26.4.tgz (Root Library) -> chokidar-2.1.2.tgz -> ❌ braces-2.3.2.tgz (Vulnerable Library) | High | 7.5 | braces-2.3.2.tgz | Upgrade to version: braces - 3.0.3 | None |
CVE-2022-24772: Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> language-3.0.0.tgz (Root Library) -> google-gax-1.15.4.tgz -> google-auth-library-5.10.1.tgz -> gtoken-4.1.4.tgz -> google-p12-pem-2.0.5.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) | High | 7.5 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | #115 |
CVE-2022-24771: Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> language-3.0.0.tgz (Root Library) -> google-gax-1.15.4.tgz -> google-auth-library-5.10.1.tgz -> gtoken-4.1.4.tgz -> google-p12-pem-2.0.5.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) | High | 7.5 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | #116 |
CVE-2021-43809: Path to vulnerable library: /vendor/bundle/ruby/3.2.0/cache/bundler-2.0.1.gem; Dependency Hierarchy: -> ❌ bundler-2.0.1.gem (Vulnerable Library) | High | 7.3 | bundler-2.0.1.gem | Upgrade to version: bundler - 2.2.33 | None |
WS-2022-0008: Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> language-3.0.0.tgz (Root Library) -> google-gax-1.15.4.tgz -> google-auth-library-5.10.1.tgz -> gtoken-4.1.4.tgz -> google-p12-pem-2.0.5.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) | Medium | 6.6 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.0.0 | #101 |
CVE-2024-29041: Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> screenshot-util-1.1.13.tgz (Root Library) -> ❌ express-4.16.4.tgz (Vulnerable Library) | Medium | 6.1 | express-4.16.4.tgz | Upgrade to version: express - 4.19.0 | None |
CVE-2022-0122: Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> language-3.0.0.tgz (Root Library) -> google-gax-1.15.4.tgz -> google-auth-library-5.10.1.tgz -> gtoken-4.1.4.tgz -> google-p12-pem-2.0.5.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) | Medium | 6.1 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.0.0 | #99 |
CVE-2024-4067: Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> browser-sync-2.26.4.tgz (Root Library) -> chokidar-2.1.2.tgz -> anymatch-2.0.0.tgz -> ❌ micromatch-3.1.10.tgz (Vulnerable Library) | Medium | 5.3 | micromatch-3.1.10.tgz | Upgrade to version: micromatch - 4.0.6 | None |
CVE-2022-24773: Path to dependency file: /package.json; Path to vulnerable library: /package.json; Dependency Hierarchy: -> language-3.0.0.tgz (Root Library) -> google-gax-1.15.4.tgz -> google-auth-library-5.10.1.tgz -> gtoken-4.1.4.tgz -> google-p12-pem-2.0.5.tgz -> ❌ node-forge-0.10.0.tgz (Vulnerable Library) | Medium | 5.3 | node-forge-0.10.0.tgz | Upgrade to version: node-forge - 1.3.0 | #114 |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2023-33953 | grpc-v1.19.0 |
WS-2020-0368 | node-v7.6.0 |
CVE-2018-17567 | jekyll-v3.7.1 |
CVE-2020-15168 | node-fetch-2.3.0.tgz |
CVE-2023-45853 | node-v7.6.0 |
CVE-2021-23343 | path-parse-1.0.6.tgz |
CVE-2022-25878 | protobufjs-6.8.8.tgz |
CVE-2021-32740 | addressable-addressable-2.6.0 |
CVE-2020-1971 | ring-fips-20180730 |
CVE-2022-0235 | node-fetch-2.3.0.tgz |
CVE-2020-7768 | grpc-1.19.0.tgz |
CVE-2023-32732 | grpc-v1.19.0 |
CVE-2020-7608 | yargs-parser-5.0.0.tgz |
CVE-2024-27088 | es5-ext-0.10.49.tgz |
CVE-2018-7159 | io.js |
CVE-2018-25032 | node-v7.6.0 |
CVE-2022-37434 | node-v7.6.0 |
CVE-2023-32731 | grpc-v1.19.0 |
CVE-2020-28503 | copy-props-2.0.4.tgz |
CVE-2020-14001 | kramdown-REL_1_17_0 |
CVE-2020-7768 | grpc-js-0.3.6.tgz |
CVE-2022-25878 | protobufjs-5.0.3.tgz |
Base branch total remaining vulnerabilities: 114
Base branch commit: null
Total libraries scanned: 772
Scan token: d766776b3f464b919986e84a11117423