You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /*\s* sourceMappingURL=(.*).
mend-for-github-combot
changed the title
stylelint-13.1.0.tgz: 5 vulnerabilities (highest severity is: 7.5)
stylelint-13.1.0.tgz: 6 vulnerabilities (highest severity is: 7.5)
Mar 19, 2022
mend-for-github-combot
changed the title
stylelint-13.1.0.tgz: 6 vulnerabilities (highest severity is: 7.5)
stylelint-13.1.0.tgz: 6 vulnerabilities (highest severity is: 9.8)
Mar 21, 2022
mend-for-github-combot
changed the title
stylelint-13.1.0.tgz: 6 vulnerabilities (highest severity is: 9.8)
stylelint-13.1.0.tgz: 6 vulnerabilities (highest severity is: 7.5)
Jun 19, 2022
mend-for-github-combot
changed the title
stylelint-13.1.0.tgz: 6 vulnerabilities (highest severity is: 7.5)
stylelint-13.1.0.tgz: 6 vulnerabilities (highest severity is: 9.8)
Aug 5, 2022
mend-for-github-combot
changed the title
stylelint-13.1.0.tgz: 6 vulnerabilities (highest severity is: 9.8)
stylelint-13.1.0.tgz: 7 vulnerabilities (highest severity is: 9.8)
Dec 7, 2022
Vulnerable Library - stylelint-13.1.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Found in HEAD commit: 79acd56f0f99bd4d378e24c33f3f4831cc1e5314
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2021-44906
Vulnerable Library - minimist-1.1.3.tgz
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-1.1.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
Found in HEAD commit: 79acd56f0f99bd4d378e24c33f3f4831cc1e5314
Found in base branch: master
Vulnerability Details
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Publish Date: 2022-03-17
URL: CVE-2021-44906
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-xvch-5gv4-984h
Release Date: 2022-03-17
Fix Resolution (minimist): 1.2.6
Direct dependency fix Resolution (stylelint): 13.2.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2021-33623
Vulnerable Library - trim-newlines-3.0.0.tgz
Trim newlines from the start and/or end of a string
Library home page: https://registry.npmjs.org/trim-newlines/-/trim-newlines-3.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
Found in HEAD commit: 79acd56f0f99bd4d378e24c33f3f4831cc1e5314
Found in base branch: master
Vulnerability Details
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
Publish Date: 2021-05-28
URL: CVE-2021-33623
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33623
Release Date: 2021-05-28
Fix Resolution (trim-newlines): 3.0.1
Direct dependency fix Resolution (stylelint): 13.2.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2021-23382
Vulnerable Library - postcss-7.0.26.tgz
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.26.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
Found in HEAD commit: 79acd56f0f99bd4d378e24c33f3f4831cc1e5314
Found in base branch: master
Vulnerability Details
The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /*\s* sourceMappingURL=(.*).
Publish Date: 2021-04-26
URL: CVE-2021-23382
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382
Release Date: 2021-04-26
Fix Resolution (postcss): 7.0.36
Direct dependency fix Resolution (stylelint): 13.2.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2020-7598
Vulnerable Library - minimist-1.1.3.tgz
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-1.1.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
Found in HEAD commit: 79acd56f0f99bd4d378e24c33f3f4831cc1e5314
Found in base branch: master
Vulnerability Details
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload.
Publish Date: 2020-03-11
URL: CVE-2020-7598
CVSS 3 Score Details (5.6)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2020-03-11
Fix Resolution (minimist): 1.2.3
Direct dependency fix Resolution (stylelint): 13.2.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2021-23368
Vulnerable Library - postcss-7.0.26.tgz
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.26.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
Found in HEAD commit: 79acd56f0f99bd4d378e24c33f3f4831cc1e5314
Found in base branch: master
Vulnerability Details
The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Publish Date: 2021-04-12
URL: CVE-2021-23368
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368
Release Date: 2021-04-12
Fix Resolution (postcss): 7.0.36
Direct dependency fix Resolution (stylelint): 13.2.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2021-23364
Vulnerable Library - browserslist-4.8.7.tgz
Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset
Library home page: https://registry.npmjs.org/browserslist/-/browserslist-4.8.7.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
Found in HEAD commit: 79acd56f0f99bd4d378e24c33f3f4831cc1e5314
Found in base branch: master
Vulnerability Details
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
Publish Date: 2021-04-28
URL: CVE-2021-23364
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364
Release Date: 2021-04-28
Fix Resolution (browserslist): 4.16.5
Direct dependency fix Resolution (stylelint): 13.2.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2020-7608
Vulnerable Library - yargs-parser-16.1.0.tgz
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-16.1.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
Found in HEAD commit: 79acd56f0f99bd4d378e24c33f3f4831cc1e5314
Found in base branch: master
Vulnerability Details
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload.
Publish Date: 2020-03-16
URL: CVE-2020-7608
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2020-03-16
Fix Resolution (yargs-parser): 18.1.1
Direct dependency fix Resolution (stylelint): 13.2.0
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
The text was updated successfully, but these errors were encountered: