This repository has been archived by the owner on May 22, 2024. It is now read-only.
[Snyk: High]: ansi-regex Regular Expression Denial of Service (ReDoS) (due 02/03/2022) #646
Assignees
Labels
Milestone
Comments
pkfec
added
Security: high
This was referenced Dec 22, 2021
1 task
pkfec
changed the title
Merged
1 task
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Overview
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the sub-patterns [\#;?]* and (?:;[-a-zA-Z\d\/#&.:=?%@~_]).
https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
Detailed path:
Introduced through: node-sass@7.0.0
Fixed in: ansi-regex@6.0.1, @5.0.1
Introduced through: fec-eregs@1.0.0 › node-sass@7.0.0 › sass-graph@2.2.5 › yargs@13.3.2 › string-width@3.1.0 › strip-ansi@5.2.0 › ansi-regex@4.1.0
Fix: No remediation path available.
Introduced through: fec-eregs@1.0.0 › node-sass@7.0.0 › sass-graph@2.2.5 › yargs@13.3.2 › cliui@5.0.0 › strip-ansi@5.2.0 › ansi-regex@4.1.0
Fix: No remediation path available.
Introduced through: fec-eregs@1.0.0 › node-sass@7.0.0 › npmlog@5.0.1 › gauge@3.0.1 › string-width@2.1.1 › strip-ansi@4.0.0 › ansi-regex@3.0.0
Fix: Your dependencies are out of date, otherwise you would be using a newer ansi-regex than ansi-regex@3.0.0. Try relocking your lockfile or deleting node_modules, reinstalling and running snyk wizard. If the problem persists, one of your dependencies may be bundling outdated modules.
Introduced through: fec-eregs@1.0.0 › node-sass@7.0.0 › sass-graph@2.2.5 › yargs@13.3.2 › cliui@5.0.0 › string-width@3.1.0 › strip-ansi@5.2.0 › ansi-regex@4.1.0
Fix: No remediation path available.
Introduced through: fec-eregs@1.0.0 › node-sass@7.0.0 › sass-graph@2.2.5 › yargs@13.3.2 › cliui@5.0.0 › wrap-ansi@5.1.0 › strip-ansi@5.2.0 › ansi-regex@4.1.0
Fix: No remediation path available.
Introduced through: fec-eregs@1.0.0 › node-sass@7.0.0 › npmlog@5.0.1 › gauge@3.0.1 › wide-align@1.1.5 › string-width@2.1.1 › strip-ansi@4.0.0 › ansi-regex@3.0.0
Fix: Your dependencies are out of date, otherwise you would be using a newer ansi-regex than ansi-regex@3.0.0. Try relocking your lockfile or deleting node_modules, reinstalling and running snyk wizard. If the problem persists, one of your dependencies may be bundling outdated modules.
Introduced through: fec-eregs@1.0.0 › node-sass@7.0.0 › sass-graph@2.2.5 › yargs@13.3.2 › cliui@5.0.0 › wrap-ansi@5.1.0 › string-width@3.1.0 › strip-ansi@5.2.0 › ansi-regex@4.1.0
Fix: No remediation path available.
Introduced through: fec-eregs@1.0.0 › node-sass@7.0.0 › node-gyp@7.1.2 › npmlog@4.1.2 › gauge@2.7.4 › wide-align@1.1.5 › string-width@2.1.1 › strip-ansi@4.0.0 › ansi-regex@3.0.0
Fix: Your dependencies are out of date, otherwise you would be using a newer ansi-regex than ansi-regex@3.0.0. Try relocking your lockfile or deleting node_modules, reinstalling and running snyk wizard. If the problem persists, one of your dependencies may be bundling outdated modules.
Completion criteria:
The text was updated successfully, but these errors were encountered: