[Apiiro] GitHub OSS Vulnerabilities - High Severity · High Risk

Open AhmedThebaSecurrency opened this issue 1 year ago • 0 comments

Discovered on: Jun 19, 2024 05:23
Dependency: ws
Version: 7.5.9
Type: Sub dependency
Introduced through:

@docusaurus/core: 3.3.2 > webpack-bundle-analyzer: 4.10.2 > ws: 7.5.9

Vulnerabilities

ws affected by a DoS when handling a request with many HTTP headers with CVSS score 7.5. fixed version: 7.5.10
ws affected by a DoS when handling a request with many HTTP headers with CVSS score 7.5. fixed version: 7.5.10

About this package:

External dependency: ws - https://www.npmjs.com/package/ws
Package details: Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js
Latest version: 8.17.0
License: MIT
Insights:

Adequate maintainer count - This package is maintained by at least 3 developers
Adequately tested - Testing practices are thoroughly followed
Frequent commits - New code commits are frequently being pushed
Current CVE - A CVE on this package has not been fixed by an official release/patch
Popularity - This package has many weekly downloads and high popularity scores
Has vulnerabilities - One or more vulnerabilities have been reported for this package
Public repository - This is a repository accessible by the general public

This is a sub-dependency

In order to update its version, you may need to upgrade the following top-level dependencies:

@docusaurus/core (Dependency declared in docs/package-lock.json)
@docusaurus/preset-classic (Dependency declared in docs/package-lock.json)

View in Apiiro

Jun 19 '24 12:06 AhmedThebaSecurrency