node-red-contrib-chatbot
node-red-contrib-chatbot copied to clipboard
guidone
Snyk vulnerabilities
Title
Snyk vulnerabilities
Description
-
There are multiple Snyk vulnerabilities in dependencies used in Chatbot.Listed below
-
Critical
- sequelize(SQL Injection): Introduced through: node-red-contrib-chatbot › [email protected] › [email protected]
-
High
- ansi-regex(Regular Expression Denial of Service (ReDoS)): Introduced through: node-red-contrib-chatbot > [email protected] › [email protected] › [email protected]
- sequelize(Improper Filtering of Special Elements): Introduced through: node-red-contrib-chatbot › [email protected] › [email protected]
- sequelize(SQL Injection): Introduced through: node-red-contrib-chatbot › [email protected] › [email protected]
- async(Prototype Pollution) : Introduced through: node-red-contrib-chatbot › [email protected] › [email protected] › [email protected]
- mquery(Prototype Pollution): Introduced through: node-red-contrib-chatbot › [email protected] › [email protected] › [email protected]
- qs(Prototype Poisoning): Introduced through: node-red-contrib-chatbot › [email protected] › [email protected] › [email protected]
- qs(Denial of Service): Introduced through: node-red-contrib-chatbot › [email protected] › [email protected] › [email protected]
- qs (Prototype Override Protection Bypass): Introduced through: node-red-contrib-chatbot › [email protected] › [email protected] › [email protected]
- mongoose(Prototype Pollution): Introduced through: node-red-contrib-chatbot › [email protected] › [email protected]
- bson(Internal Property Tampering): Introduced through: node-red-contrib-chatbot › [email protected] › [email protected] › [email protected]
- bson(Internal Property Tampering): Introduced through: node-red-contrib-chatbot › [email protected] › [email protected] › [email protected] › [email protected] › [email protected]
- mongodb(Denial of Service): Introduced through: node-red-contrib-chatbot › [email protected] › [email protected] › [email protected]
Some other info
express-sessions NPM was last updated 7 years ago and most of the vulnerabilities introduced from this dependency
Hey @girishghoda,
We're part of a startup called Seal Security that mitigates software vulnerabilities in older open source versions by backporting/creating standalone security patches - enabling more straightforward remediation in cases like this. We created an [email protected] that's vulnerability-free. As with all of our patches, it's open-source and available for free.
If relevant, check out our GitHub repo if you wish to learn more, or start using our app - it's free to use for open-source projects!.
Please feel free to reach us at [email protected] if you have any requests/questions.
