
bautajs-fastify-3.0.2.tgz: 1 vulnerabilities (highest severity is: 5.3)

Open mend-for-github-com[bot] opened this issue 1 year ago • 0 comments

Vulnerable Library - bautajs-fastify-3.0.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/find-my-way/package.json

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (bautajs-fastify version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-45813 | Medium | 5.3 | find-my-way-8.1.0.tgz | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, a Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation.

Details

CVE-2024-45813

Vulnerable Library - find-my-way-8.1.0.tgz

Library home page: https://registry.npmjs.org/find-my-way/-/find-my-way-8.1.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/find-my-way/package.json

Dependency Hierarchy:

  • bautajs-fastify-3.0.2.tgz (Root Library)
    • fastify-4.26.1.tgz
      • :x: find-my-way-8.1.0.tgz (Vulnerable Library)

Found in base branch: main

Vulnerability Details

find-my-way is a fast, open source HTTP router, internally using a Radix Tree (aka compact Prefix Tree), supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, like `/:a-:b-`. This may cause a denial of service in some instances. Users are advised to update to find-my-way v8.2.2 or v9.0.1 or subsequent versions. There are no known workarounds for this issue.

Publish Date: 2024-09-18

URL: CVE-2024-45813

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6

Release Date: 2024-09-18

Fix Resolution: find-my-way - 8.2.2,9.0.1