Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency body-parser to ^1.20.3 (main) - autoclosed #340

Closed
wants to merge 1 commit into from
+2 −2

chore(deps): update dependency body-parser to ^1.20.3

7a8d5a0
Select commit
Loading
Failed to load commit list.
Closed

chore(deps): update dependency body-parser to ^1.20.3 (main) - autoclosed #340

chore(deps): update dependency body-parser to ^1.20.3
7a8d5a0
Select commit
Loading
Failed to load commit list.
Mend for github.com / WhiteSource Security Check failed Sep 20, 2024 in 7m 13s

Security Report

❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

Scan Details Report

general

https://vonagecc.jfrog.io/artifactory
Step Level Description Details
Checking registry connectivity ⚠Warn Unsupported configuration was provided unsupported host type gradle, skipped

3 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:
CVE Severity CVSS Score Exploit Maturity EPSS Vulnerable Library Suggested Fix Issue Reachability
CVE-2024-43800

Path to dependency file: /sample/SipInterconnect/package.json

Path to vulnerable library: /sample/SipInterconnect/node_modules/serve-static/package.json

Dependency Hierarchy:

-> express-4.19.2.tgz (Root Library)

   -> ❌ serve-static-1.15.0.tgz (Vulnerable Library)

Medium 5.0 Not Defined 0.0% serve-static-1.15.0.tgz Upgrade to version: serve-static - 1.16.0,2.1.0 #337

Unreachable
CVE-2024-43799

Path to dependency file: /sample/SipInterconnect/package.json

Path to vulnerable library: /sample/SipInterconnect/node_modules/send/package.json

Dependency Hierarchy:

-> express-4.19.2.tgz (Root Library)

   -> ❌ send-0.18.0.tgz (Vulnerable Library)

Medium 5.0 Not Defined 0.0% send-0.18.0.tgz Upgrade to version: send - 0.19.0 #337

Unreachable
CVE-2024-43796

Path to dependency file: /sample/SipInterconnect/package.json

Path to vulnerable library: /sample/SipInterconnect/node_modules/express/package.json

Dependency Hierarchy:

-> ❌ express-4.19.2.tgz (Vulnerable Library)

Medium 5.0 Not Defined 0.0% express-4.19.2.tgz Upgrade to version: express - 4.20.0,5.0.0 #337

Unreachable

Base branch total remaining vulnerabilities: 8
Base branch commit: d18c6420b83cd5d0096c8cbea8271e1bc8cfff31


Total libraries scanned: 150

Scan token: 2f3d9c314dfe45b485f8d859bc10390f

View more details on Mend for github.com