This repository has been archived by the owner on Jan 19, 2023. It is now read-only.
pkg:npm/canvas@2.10.0 - 1 vulnerability found!
Vulnerability Title: 1 vulnerability found
ID: sonatype-2019-0142
Description: 1 non-CVE vulnerability found. To see more details, please create a free account at https://ossindex.sonatype.org/ and request for this information using your registered account
CVSS Score: 8.6
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Reference: https://ossindex.sonatype.org/vulnerability/sonatype-2019-0142
Thank you for your report. We are migrating to a new email-based reporting system in order to better mesh with our internal processes, which will allow us to be more reactive to our users. I have moved your request to the internal tracking system and the research team will look into the issue shortly.
If you notice further issues or would like to follow up on this one, please email ossindex@sonatype.org
Vulnerability URL
https://ossindex.sonatype.org/vulnerability/sonatype-2019-0142
Description
However, this vulnerability was fixed a long time ago - it clearly states that it only impacts versions 1.6.9 and below, and here the vulnerability is reported for version 2.10.0!
See GHSA-vpq5-4rc8-c222 for fix confirmation.
This seems to be a NEW false positive, as it was not reported for recent versions, so there may be a semver compare mismatch on the ossindex side?