daydream
daydream copied to clipboard
Published
20 hours ago •
segmentio
segmentio
[Snyk] Upgrade analytics-node from 2.1.1 to 2.4.1
Snyk has created this PR to upgrade analytics-node from 2.1.1 to 2.4.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is 3 versions ahead of your current version.
- The recommended version was released 6 years ago, on 2017-05-05.
The recommended version fixes:
| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
 |
Prototype Pollution SNYK-JS-LODASH-73638 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Proof of Concept |
|
Prototype Poisoning SNYK-JS-QS-3153490 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Proof of Concept |
|
Prototype Override Protection Bypass npm:qs:20170213 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
No Known Exploit |
|
Uninitialized Memory Exposure npm:https-proxy-agent:20180402 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Mature |
|
Command Injection SNYK-JS-LODASH-1040724 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Proof of Concept |
|
Prototype Pollution SNYK-JS-LODASH-450202 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Proof of Concept |
|
Uninitialized Memory Exposure npm:http-proxy-agent:20180406 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Mature |
|
Prototype Pollution SNYK-JS-LODASH-567746 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Proof of Concept |
|
Prototype Pollution SNYK-JS-LODASH-608086 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Proof of Concept |
|
Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Proof of Concept |
|
Remote Code Execution (RCE) SNYK-JS-PACRESOLVER-1564857 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Proof of Concept |
|
Prototype Pollution SNYK-JS-Y18N-1021887 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Proof of Concept |
 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Proof of Concept |
|
Prototype Pollution npm:lodash:20180130 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Proof of Concept |
|
Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Proof of Concept |
|
Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Proof of Concept |
|
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Proof of Concept |
|
Uninitialized Memory Exposure npm:ip:20170304 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
No Known Exploit |
|
Information Exposure npm:superagent:20181108 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
No Known Exploit |
|
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
No Known Exploit |
|
Prototype Pollution SNYK-JS-MINIMIST-559764 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Proof of Concept |
|
Regular Expression Denial of Service (ReDoS) npm:brace-expansion:20170302 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
No Known Exploit |
 |
Regular Expression Denial of Service (ReDoS) npm:mime:20170907 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
No Known Exploit |
|
Regular Expression Denial of Service (ReDoS) npm:ms:20170412 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
No Known Exploit |
|
Denial of Service (DoS) npm:superagent:20170807 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
No Known Exploit |
|
Prototype Pollution SNYK-JS-MINIMIST-2429795 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Proof of Concept |
|
Regular Expression Denial of Service (ReDoS) npm:debug:20170905 |
472/1000 Why? Proof of Concept exploit, CVSS 7.3 |
Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🔕 Ignore this dependency or unsubscribe from future upgrade PRs
