Conversation

@cx-anurag-dalke
Collaborator

Updates checkmarx-ast-cli to 2.3.40

Auto-generated by [create-pull-request][2]

@cx-ben-alvo
Collaborator

Checkmarx One – Scan Summary & Details 30eb6146-2f8d-48c8-aec9-e1f4fb6b207c

New Issues (22)

Checkmarx found the following issues in this Pull Request

Severity | Issue | Source File / Package | Checkmarx Insight

CRITICAL | CVE-2025-7783 | Npm-form-data-4.0.2
  Recommended version: 4.0.4
  Description: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with the pro...
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  ID: 5cWpngqrlhesqyN50uekp0XNeQ7jcLyhYCsochRLv60%3D
  Vulnerable Package

HIGH | CVE-2025-48387 | Npm-tar-fs-2.1.2
  Recommended version: 2.1.4
  Description: The package tar-fs provides filesystem bindings for tar-stream. In versions prior to 1.16.5, 2.0.x prior to 2.1.3, and 3.0.x prior to 3.0.9, there ...
  Attack Vector: NETWORK
  Attack Complexity: LOW
  ID: H9m%2F9gKTEt3HC%2BGqM3u3GQuQzzjsFGoG26QJePgOyFQ%3D
  Vulnerable Package

HIGH | CVE-2025-48387 | Npm-tar-fs-1.16.4
  Recommended version: 1.16.6
  Description: The package tar-fs provides filesystem bindings for tar-stream. In versions prior to 1.16.5, 2.0.x prior to 2.1.3, and 3.0.x prior to 3.0.9, there ...
  Attack Vector: NETWORK
  Attack Complexity: LOW
  ID: obxiKPz1hhHUTzMQcGI7i2LrnHrPrQq4UNUVUCLY1s0%3D
  Vulnerable Package

HIGH | CVE-2025-59343 | Npm-tar-fs-1.16.4
  Recommended version: 1.16.6
  Description: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.4, and 1.16.6 are vulnerable to symlink validation bypass if the d...
  Attack Vector: NETWORK
  Attack Complexity: LOW
  ID: m5mLMvw3lfglRLU4oUx0RyR6mSThYO%2B3wee7%2FvtVbT8%3D
  Vulnerable Package

HIGH | CVE-2025-59343 | Npm-tar-fs-2.1.2
  Recommended version: 2.1.4
  Description: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.4, and 1.16.6 are vulnerable to symlink validation bypass if the d...
  Attack Vector: NETWORK
  Attack Complexity: LOW
  ID: sTa50Qg1P5LeToe0hVtU7cGesS3oVKXWUWorPHvztnA%3D
  Vulnerable Package

HIGH | CVE-2025-64756 | Npm-glob-10.4.5
  Recommended version: 10.5.0
  Description: Glob matches files using patterns the shell uses. In versions 10.2.0 prior to 10.5.0 and 11.0.0 prior to 11.1.0, the glob CLI contains a command in...
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  ID: 2InVqQiHicpu%2BxWWL7YKRdc83dZTp%2F%2BLEGStihrl%2F%2Bk%3D
  Vulnerable Package

HIGH | CVE-2025-64756 | Npm-glob-11.0.1
  Recommended version: 11.1.0
  Description: Glob matches files using patterns the shell uses. In versions 10.2.0 prior to 10.5.0 and 11.0.0 prior to 11.1.0, the glob CLI contains a command in...
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  ID: jlupwMrlqeLe3NR79rfStGE4Ae2NSOnWDih8JRZ3wOc%3D
  Vulnerable Package

HIGH | Cxdca8e59f-8bfe | Npm-inflight-1.0.6
  Description: In NPM `inflight` there is a Memory Leak because some resources are not freed correctly after being used. It appears to affect all versions, as the...
  Attack Vector: NETWORK
  Attack Complexity: LOW
  ID: XpjP9Y3H2G8dtlOr%2B1Ts%2FUWQCXfdLzt%2FfgH%2BjU6KjLk%3D
  Vulnerable Package

MEDIUM | ALB Listening on HTTP | /positive1.tf: 9
  AWS Application Load Balancer (alb) should not listen on HTTP
  ID: yZXbrnwNo%2FZnfgvlzkJfobryAGE%3D

MEDIUM | CVE-2023-0842 | Npm-xml2js-0.4.23
  Recommended version: 0.5.0
  Description: The xml2js in versions prior to 0.5.0 allows an external attacker to edit or add new properties to an object. This is possible because the applicat...
  Attack Vector: NETWORK
  Attack Complexity: LOW
  ID: 100EizvKim%2BXWXiX4kbH8dX4OUALN8LSKld7tYSmz0Y%3D
  Vulnerable Package

MEDIUM | CVE-2024-11831 | Npm-serialize-javascript-6.0.0
  Recommended version: 6.0.2
  Description: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain i...
  Attack Vector: NETWORK
  Attack Complexity: LOW
  ID: t0oTG1vm9vdyKlKhhl4vkHSce6bku6ZrY1lec%2BkOv4o%3D
  Vulnerable Package

MEDIUM | CVE-2024-55565 | Npm-nanoid-3.3.3
  Recommended version: 3.3.8
  Description: The package nanoid versions through 3.3.7 and 4.0.0 through 5.0.8 mishandle non-integer values.
  Attack Vector: NETWORK
  Attack Complexity: LOW
  ID: 6uXJsteLdUyAYmvbHmluPvVEm86P9XUweez0OpKw%2BBE%3D
  Vulnerable Package

MEDIUM | CVE-2025-54798 | Npm-tmp-0.2.3
  Recommended version: 0.2.4
  Description: tmp is a temporary file and directory creator for node.js. In versions prior to 0.2.4, tmp is vulnerable to an arbitrary temporary file "/" directo...
  Attack Vector: NETWORK
  Attack Complexity: LOW
  ID: 1b9lAlmbwlrl0Kp4tvbx59DQBMcJI53pV9o3wmp7VAE%3D
  Vulnerable Package

MEDIUM | ELBv2 LB Access Log Disabled | /positive1.tf: 15
  ELBv2 LBs should have access log enabled to capture detailed information about requests sent to your load balancer.
  ID: T6F6kPHYKPFyDpB87WgOa6ulhic%3D

LOW | APT-GET Missing Flags To Avoid Manual Input | /Dockerfile: 5
  Check if apt-get calls use flags to avoid user manual input.
  ID: PP9WHiBQsCBajZJkTBnbeQ%2FWmoo%3D

LOW | CVE-2025-5889 | Npm-brace-expansion-1.1.11
  Recommended version: 1.1.12
  Description: A vulnerability was found in juliangruber brace-expansion. It has been rated as problematic. Affected by this issue is the function "expand" of the...
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  ID: MN8HzBq7F8UviOehDKdQsQe6Mi0wgaob0KAiuAYi55A%3D
  Vulnerable Package

LOW | CVE-2025-5889 | Npm-brace-expansion-2.0.1
  Recommended version: 2.0.2
  Description: A vulnerability was found in juliangruber brace-expansion. It has been rated as problematic. Affected by this issue is the function "expand" of the...
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  ID: ZUCffvi9PUhRY6TpuB9pw%2BrfidIQmM48wzhkQdOR5M0%3D
  Vulnerable Package

LOW | Cx8bc4df28-fcf5 | Npm-debug-4.3.4
  Recommended version: 4.4.0
  Description: In NPM "debug" versions prior to 4.4.0, the "enable" function accepts a regular expression from user input without escaping it. Arbitrary regular e...
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  ID: aiA%2BcKcOM40v4FFD99%2B%2FdDNv0rNJojuP0d1eisjcTYc%3D
  Vulnerable Package

LOW | Cxda14f253-4e52 | Npm-bluebird-3.7.2
  Description: The package `bluebird` is vulnerable to memory leak, when running the function longStackTraces() with the flag `--expose_gc`. This causes a signifi...
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  ID: bSO1pXqako2Ww%2B3ZSo98KVwApT4ZLmEuYfIe8bctvlE%3D
  Vulnerable Package

LOW | Healthcheck Instruction Missing | /Dockerfile: 1
  Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working.
  ID: GFv7YpwPyFMEfyTpNssycczyYxE%3D

LOW | IAM Access Analyzer Not Enabled | /positive1.tf: 15
  IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions.
  ID: 1MGxcg6vKIu%2FLuepwD32VKiKgnI%3D

LOW | Shield Advanced Not In Use | /positive1.tf: 15
  AWS Shield Advanced should be used for Amazon Route 53 hosted zone, AWS Global Accelerator accelerator, Elastic IP Address, Elastic Load Balancing,...
  ID: uksw0A3tt%2BuOK%2Bie011Hp%2FcD5Dk%3D

Use @Checkmarx to reach out to us for assistance.

Just send a PR comment with @Checkmarx followed by a natural language request.

Examples: @Checkmarx how are you able to help me? @Checkmarx rescan this PR

@cx-anurag-dalke cx-anurag-dalke merged commit e8583f4 into main Nov 20, 2025
5 of 8 checks passed
@cx-anurag-dalke cx-anurag-dalke deleted the feature/update_cli_2.3.40 branch November 20, 2025 08:40