You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer.
CVE-2021-23406 - High Severity Vulnerability
Vulnerable Libraries - degenerator-2.2.0.tgz, pac-resolver-4.2.0.tgz
degenerator-2.2.0.tgz
Compiles sync functions into async generator functions
Library home page: https://registry.npmjs.org/degenerator/-/degenerator-2.2.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/degenerator/package.json
Dependency Hierarchy:
pac-resolver-4.2.0.tgz
Generates an asynchronous resolver function from a PAC file
Library home page: https://registry.npmjs.org/pac-resolver/-/pac-resolver-4.2.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/pac-resolver/package.json
Dependency Hierarchy:
Found in HEAD commit: 707c1e43c37859475e172b5c0fb57cd377dabf94
Vulnerability Details
This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer.
Publish Date: 2021-08-24
URL: CVE-2021-23406
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-9j49-mfvp-vmhm
Release Date: 2021-08-24
Fix Resolution: pac-resolver -5.0.0, degenerator - 3.0.1
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: