dep-scan
False-Positive: Receiving findings for lodash@4.17.21
PURL of wrongly matched component
pkg:npm/lodash@4.17.21
Depscan findings
Receiving {"id": "CVE-2019-1010266", "package": "npm:lodash", "purl": "pkg:npm/lodash@4.17.21", "package_type": "npm", "package_usage": "required", "version": "4.17.21", "fix_version": "4.17.11", "severity": "MEDIUM", "cvss_score": "5.0", "short_description": "# Regular Expression Denial of Service (ReDoS) in lodash\nlodash prior to 4.7.11 is affected by: CWE 400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11.\nUpgrade to version 4.17.11 or later", "related_urls": [], "occurrence_count": 2192, "reachable_flows": 537}
Output: