coveralls-test #1446

tubone24 · 2024-03-25T01:18:19Z

No description provided.

coveralls · 2024-03-25T01:24:19Z

Pull Request Test Coverage Report for Build 8413750086

Details

0 of 0 changed or added relevant lines in 0 files are covered.
1 unchanged line in 1 file lost coverage.
Overall coverage decreased (-0.5%) to 85.117%

Files with Coverage Reduction	New Missed Lines	%
src/components/Card/index.tsx	1	78.57%

Totals
Change from base Build 8308488570:	-0.5%
Covered Lines:	250
Relevant Lines:	281

💛 - Coveralls

github-actions · 2024-03-25T01:24:24Z

Snyk vulnerability report

OSS packages

Tested 1786 dependencies for known issues, found 14 issues, 30 vulnerable paths.

Issues to fix by upgrading:

Upgrade @sentry/profiling-node@0.3.0 to @sentry/profiling-node@1.3.0 to fix
✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6
introduced by gatsby-plugin-offline@5.23.1 > glob@7.2.3 > inflight@1.0.6 and 8 other path(s)

Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0
introduced by gatsby@4.25.7 > gatsby-cli@4.25.0
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0
introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s)

Upgrade gatsby-legacy-polyfills@2.23.0 to gatsby-legacy-polyfills@3.10.0 to fix
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0
introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s)

Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1
introduced by gatsby-transformer-remark@5.25.1
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in sanitize-html@2.10.0
introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.10.0

Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1
introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1
This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1
✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2
introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s)
This issue was fixed in versions: 1.6.0
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2
introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s)
This issue was fixed in versions: 1.6.3
✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2
introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s)
This issue was fixed in versions: 1.6.4
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0
introduced by html-minifier@4.0.0
No upgrade or patch available
✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0
introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0
No upgrade or patch available
✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in serialize-javascript@5.0.1
introduced by gatsby@4.25.7 > css-minimizer-webpack-plugin@2.0.0 > serialize-javascript@5.0.1
This issue was fixed in versions: 6.0.2
✗ Uncontrolled Resource Consumption ('Resource Exhaustion') [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-TAR-6476909] in tar@6.2.0
introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.4.1 > tar@6.2.0 and 1 other path(s)
This issue was fixed in versions: 6.2.1
✗ Path Traversal [High Severity][https://security.snyk.io/vuln/SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555] in webpack-dev-middleware@4.3.0
introduced by gatsby@4.25.7 > webpack-dev-middleware@4.3.0
This issue was fixed in versions: 5.3.4, 6.1.2, 7.1.0

Organization: tubone24
Package manager: yarn
Target file: yarn.lock
Project name: blog
Open source: no
Project path: .
Licenses: enabled

Application

✗ [Medium] Path Traversal
Path: scripts/benchmark.js, line 23
Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files.

✗ [Medium] Path Traversal
Path: scripts/benchmark.js, line 25
Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files.

✗ [Medium] Path Traversal
Path: scripts/benchmark.js, line 41
Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files.

✔ Test completed

Organization: tubone24
Test type: Static code analysis
Project path: .

Summary:

3 Code issues found
3 [Medium]

IaC

Snyk Infrastructure as Code

Snyk testing Infrastructure as Code configuration issues.
✔ Test completed.

Issues
No vulnerable paths were found!

Test Summary

Organization: tubone24
Project name: tubone24/blog

✔ Files without issues: 3
✗ Files with issues: 0
Ignored issues: 0
Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ]

Tip

New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833
Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1
From: util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1
and 25 more...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082
Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1
From: util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1
and 25 more...

✗ Low severity vulnerability found in tar
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001
Introduced through: tar@1.30+dfsg-6
From: tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: CVE-2005-2541
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331
Introduced through: tar@1.30+dfsg-6
From: tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529
Introduced through: tar@1.30+dfsg-6
From: tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: NULL Pointer Dereference
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203
Introduced through: tar@1.30+dfsg-6
From: tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: CVE-2023-39804
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423
Introduced through: tar@1.30+dfsg-6
From: tar@1.30+dfsg-6
Fixed in: 1.30+dfsg-6+deb10u1

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Authentication Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Privilege Chaining
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Incorrect Privilege Assignment
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Missing Release of Resource after Effective Lifetime
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Validation of Integrity Check Value
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Validation of Integrity Check Value
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Validation of Integrity Check Value
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: CVE-2023-7008
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: CVE-2023-50868
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Time-of-check Time-of-use (TOCTOU)
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Access Restriction Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Arbitrary Code Injection
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Improper Authentication
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in perl/perl-base
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980
Introduced through: perl/perl-base@5.28.1-6+deb10u1
From: perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in perl/perl-base
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793
Introduced through: perl/perl-base@5.28.1-6+deb10u1
From: perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in perl/perl-base
Description: Improper Certificate Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186
Introduced through: perl/perl-base@5.28.1-6+deb10u1
From: perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in perl/perl-base
Description: Improper Certificate Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188
Introduced through: perl/perl-base@5.28.1-6+deb10u1
From: perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pam/libpam0g
Description: CVE-2024-22365
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916
Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5
From: pam/libpam0g@1.3.1-5
From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5
From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5
and 11 more...

✗ Low severity vulnerability found in ncurses/libtinfo6
Description: CVE-2023-50495
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819
Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3
From: ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
and 7 more...

✗ Low severity vulnerability found in ncurses/libtinfo6
Description: CVE-2023-45918
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772
Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3
From: ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
and 7 more...

✗ Low severity vulnerability found in lz4/liblz4-1
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072
Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3
From: lz4/liblz4-1@1.8.3-1+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1

✗ Low severity vulnerability found in libtasn1-6
Description: CVE-2018-1000654
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585
Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3
From: libtasn1-6@4.13-3
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libseccomp/libseccomp2
Description: CVE-2019-9893
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044
Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3
From: libseccomp/libseccomp2@2.3.3-4
From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4

✗ Low severity vulnerability found in libidn2/libidn2-0
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100
Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3
From: libidn2/libidn2-0@2.0.5-1+deb10u1
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Race Condition
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in gnutls28/libgnutls30
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755
Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3
From: gnutls28/libgnutls30@3.6.7-4+deb10u9
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9

✗ Low severity vulnerability found in gnutls28/libgnutls30
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6474579
Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3
From: gnutls28/libgnutls30@3.6.7-4+deb10u9
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9

✗ Low severity vulnerability found in gnutls28/libgnutls30
Description: Uncaught Exception
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6474583
Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3
From: gnutls28/libgnutls30@3.6.7-4+deb10u9
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9

✗ Low severity vulnerability found in gnupg2/gpgv
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746
Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3
From: gnupg2/gpgv@2.2.12-1+deb10u2
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2

✗ Low severity vulnerability found in gnupg2/gpgv
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553
Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3
From: gnupg2/gpgv@2.2.12-1+deb10u2
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Resource Management Errors
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: CVE-2019-1010023
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Use of Insufficiently Random Values
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in gcc-8/libstdc++6
Description: Insufficient Entropy
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...

✗ Low severity vulnerability found in gcc-8/libstdc++6
Description: CVE-2023-4039
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...

✗ Low severity vulnerability found in e2fsprogs/libcom-err2
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482
Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3
From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3
From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3
From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3
and 5 more...

✗ Low severity vulnerability found in coreutils
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465
Introduced through: coreutils@8.30-3
From: coreutils@8.30-3

✗ Low severity vulnerability found in coreutils
Description: Race Condition
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494
Introduced through: coreutils@8.30-3
From: coreutils@8.30-3

✗ Low severity vulnerability found in bash
Description: Improper Check for Dropped Privileges
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280
Introduced through: bash@5.0-4
From: bash@5.0-4

✗ Low severity vulnerability found in apt/libapt-pkg5.0
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502
Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3
From: apt/libapt-pkg5.0@1.8.2.3
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3
From: apt@1.8.2.3

✗ Medium severity vulnerability found in systemd/libsystemd0
Description: Off-by-one Error
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7deb10u8
and 4 more...
Fixed in: 241-7deb10u10

✗ Medium severity vulnerability found in systemd/libsystemd0
Description: CVE-2022-4415
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Medium severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705
Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3
From: ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
and 7 more...
Fixed in: 6.1+20181013-2+deb10u4

✗ Medium severity vulnerability found in gnutls28/libgnutls30
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099
Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3
From: gnutls28/libgnutls30@3.6.7-4+deb10u9
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9
Fixed in: 3.6.7-4+deb10u11

✗ High severity vulnerability found in systemd/libsystemd0
Description: CVE-2023-26604
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7deb10u8
and 4 more...
Fixed in: 241-7deb10u9

✗ High severity vulnerability found in systemd/libsystemd0
Description: Allocation of Resources Without Limits or Throttling
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ High severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739
Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3
From: ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
and 7 more...
Fixed in: 6.1+20181013-2+deb10u5

✗ High severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196
Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3
From: ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
and 7 more...
Fixed in: 6.1+20181013-2+deb10u5

✗ High severity vulnerability found in gnutls28/libgnutls30
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300
Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3
From: gnutls28/libgnutls30@3.6.7-4+deb10u9
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9
Fixed in: 3.6.7-4+deb10u10

✗ High severity vulnerability found in gnutls28/libgnutls30
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414
Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3
From: gnutls28/libgnutls30@3.6.7-4+deb10u9
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9
Fixed in: 3.6.7-4+deb10u12

✗ High severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ High severity vulnerability found in gcc-8/libstdc++6
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...

✗ Critical severity vulnerability found in zlib/zlib1g
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964
Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2
From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2

✗ Critical severity vulnerability found in libtasn1-6
Description: Off-by-one Error
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094
Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3
From: libtasn1-6@4.13-3
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3
Fixed in: 4.13-3+deb10u1

✗ Critical severity vulnerability found in db5.3/libdb5.3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169
Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118
From: db5.3/libdb5.3@5.3.28+dfsg1-0.5
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5

------------ Detected 34 vulnerabilities for node@18.12.1 ------------

✗ Low severity vulnerability found in node
Description: Improper Certificate Validation
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Low severity vulnerability found in node
Description: Improper Certificate Validation
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Low severity vulnerability found in node
Description: Insecure Randomness
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Low severity vulnerability found in node
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.18.2

✗ Low severity vulnerability found in node
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969357
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.18.2

✗ Low severity vulnerability found in node
Description: Permissive Cross-domain Policy with Untrusted Domains
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.19.1, 20.11.1, 21.6.2

✗ Medium severity vulnerability found in node
Description: Timing Attack
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Privilege Escalation
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: HTTP Request Smuggling
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Inconsistency Between Implementation and Documented Design
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Buffer Over-read
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Insecure Randomness
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Buffer Underwrite (Buffer Underflow)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Privilege Escalation
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Improper Access Control
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.17.1

✗ Medium severity vulnerability found in node
Description: Access Restriction Bypass
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.17.1

✗ Medium severity vulnerability found in node
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.18.2

✗ Medium severity vulnerability found in node
Description: Observable Timing Discrepancy
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.19.1, 20.11.1, 21.6.2

✗ High severity vulnerability found in node
Description: Insecure Permissions
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ High severity vulnerability found in node
Description: Access of Resource Using Incompatible Type ('Type Confusion')
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ High severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ High severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ High severity vulnerability found in node
Description: Prototype Pollution
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ High severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ High severity vulnerability found in node
Description: Arbitrary Code Injection
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.17.1

✗ High severity vulnerability found in node
Description: Allocation of Resources Without Limits or Throttling
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.19.1, 20.11.1, 21.6.2

✗ High severity vulnerability found in node
Description: Code Injection
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.19.1, 20.11.1, 21.6.2

Organization: tubone24
Package manager: deb
Project name: docker-image|test-blog
Docker image: test-blog
Platform: linux/amd64
Base image: node:18.12.1-buster-slim
Licenses: enabled

Tested 85 dependencies for known issues, found 119 issues.

Base Image Vulnerabilities Severity
node:18.12.1-buster-slim 119 3 critical, 17 high, 23 medium, 76 low

Recommendations for base image upgrade:

Minor upgrades
Base Image Vulnerabilities Severity
node:18.19.1-buster-slim 75 2 critical, 3 high, 1 medium, 69 low

Major upgrades
Base Image Vulnerabilities Severity
node:20.11.1-buster-slim 75 2 critical, 3 high, 1 medium, 69 low

Alternative image types
Base Image Vulnerabilities Severity
node:21.7.0-bookworm-slim 37 1 critical, 1 high, 0 medium, 35 low
node:21.7.0-bullseye-slim 68 1 critical, 1 high, 0 medium, 66 low
node:lts-bookworm 172 1 critical, 3 high, 1 medium, 167 low
node:20.11.0-slim 45 1 critical, 5 high, 3 medium, 36 low

Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection

github-actions · 2024-03-25T01:24:30Z

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public
Functions path: /home/runner/work/blog/blog/functions/src
Configuration path: /home/runner/work/blog/blog/netlify.toml
Deploying to draft URL...

Netlify Build
────────────────────────────────────────────────────────────────

❯ Version
@netlify/build 29.36.1

❯ Flags
auth: TTs786GkKycSkoas9uwxVwTtamK0txQzpvHwXleU3OQ
deployId: 6600d231159c7f53d4cec2e7
dir: ./public
functions: ./functions/src
open: false
prod: false
prodIfUnlocked: false
site: 3751ef40-b145-4249-9657-39d3fb04ae81
skipFunctionsCache: false

❯ Current directory
/home/runner/work/blog/blog

❯ Config file
/home/runner/work/blog/blog/netlify.toml

❯ Context
dev

Build logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/6600d231159c7f53d4cec2e7
Function logs: https://app.netlify.com/sites/pensive-lamport-5822d2/functions?scope=deploy:6600d231159c7f53d4cec2e7
Website draft URL: https://6600d231159c7f53d4cec2e7--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod

github-actions · 2024-03-25T01:24:45Z

Bundle Analyzer URL

https://6600d231159c7f53d4cec2e7--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions · 2024-03-25T01:25:08Z

Memlab leaks report

page-load [7.1MB] (baseline) [s1] > action-on-page [8.1MB] (target) [s2] > revert [9.1MB] (final) [s3]  
------2 clusters------

--Similar leaks in this run: 1248--
--Retained size of leaked objects: 142.3KB--
[<synthetic>] (synthetic) @1 [10.3MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @6265 [64.3KB]
  --setTimeout (property)--->  [<closure>] (closure) @145485 [268 bytes]
  --context (internal)--->  [<function scope>] (object) @194833 [20 bytes]
  --previous (internal)--->  [<function scope>] (object) @47257 [30.2KB]
  --n (variable)--->  [t] (closure) @94735 [1.3KB]
  --context (internal)--->  [<function scope>] (object) @81903 [42.5KB]
  --n (variable)--->  [Object] (object) @76807 [42.4KB]
  --9077 (element)--->  [Object] (object) @76827 [24 bytes]
  --exports (property)--->  [r] (closure) @212961 [2.7KB]
  --hasData (property)--->  [<closure>] (closure) @213947 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @275495 [1.5KB]
  --e (variable)--->  [Object] (object) @309769 [1KB]
  --2 (element)--->  [Object] (object) @324849 [76 bytes]
  --aaAutocomplete (property)--->  [d] (object) @335147 [348 bytes]
  --$node (property)--->  [$] (object) @384219 [188 bytes]
  --0 (element)--->  [Detached HTMLSpanElement] (native) @320791 [676 bytes]
  --7 (element)--->  [Detached HTMLDivElement] (native) @321173 [5.6KB]
  --7 (element)--->  [Detached HTMLDivElement] (native) @321053 [444 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @321199 [444 bytes]
  --6 (element)--->  [Detached HTMLAnchorElement] (native) @321425 [2.5KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @321411 [2.5KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @321513 [2.5KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @321625 [2.5KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @321611 [2.5KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @321597 [2.5KB]
  --13 (element)--->  [Detached InternalNode] (native) @36758 [488 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @36760 [432 bytes]
  --4 (element)--->  [Detached ElementIntersectionObserverData] (native) @30966 [72 bytes]

--Similar leaks in this run: 479--
--Retained size of leaked objects: 49.9KB--
[<synthetic>] (synthetic) @1 [10.3MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @6265 [64.3KB]
  --___replace (property)--->  [<closure>] (closure) @145793 [76 bytes]
  --context (internal)--->  [<function scope>] (object) @100971 [724 bytes]
  --i (variable)--->  [Module] (object) @94743 [6.3KB]
  --get version (property)--->  [version] (closure) @86893 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @74959 [6.5KB]
  --Qn (variable)--->  [y] (object) @392115 [368 bytes]
  --props (property)--->  [Object] (object) @417303 [28 bytes]
  --children (property)--->  [Object] (object) @417305 [296 bytes]
  --props (property)--->  [Object] (object) @417651 [56 bytes]
  --children (property)--->  [Object] (object) @393925 [1.2KB]
  --__ (property)--->  [Object] (object) @446341 [1.1KB]
  --__ (property)--->  [Object] (object) @446353 [940 bytes]
  --__ (property)--->  [Object] (object) @446367 [736 bytes]
  --__d (property)--->  [Detached HTMLDivElement] (native) @321093 [440 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @321091 [384 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @321089 [384 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @320829 [14.9KB]
  --6 (element)--->  [Detached HTMLAnchorElement] (native) @320797 [2KB]
  --8 (element)--->  [Detached HTMLSpanElement] (native) @320793 [384 bytes]
  --6 (element)--->  [Detached InternalNode] (native) @30340 [240 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @28870 [184 bytes]
  --2 (element)--->  [Detached NamedNodeMap] (native) @28874 [40 bytes]

github-actions · 2024-03-25T01:25:16Z

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static
Functions path: /home/runner/work/blog/blog/functions/src
Configuration path: /home/runner/work/blog/blog/netlify.toml
Deploying to draft URL...

Netlify Build
────────────────────────────────────────────────────────────────

❯ Version
@netlify/build 29.36.1

❯ Flags
auth: EPJJ6iiVJKf1WzATp10YTzbujNbkSqWDiVl-3kCXA-Y
deployId: 6600d2763840ca53e1d9adf0
dir: ./storybook-static
open: false
prod: false
prodIfUnlocked: false
site: 905285ac-8339-48d2-86d8-8d639370a095
skipFunctionsCache: false

❯ Current directory
/home/runner/work/blog/blog

❯ Config file
/home/runner/work/blog/blog/netlify.toml

❯ Context
dev

Build logs: https://app.netlify.com/sites/blog-storybook/deploys/6600d2763840ca53e1d9adf0
Function logs: https://app.netlify.com/sites/blog-storybook/functions?scope=deploy:6600d2763840ca53e1d9adf0
Website draft URL: https://6600d2763840ca53e1d9adf0--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod

github-actions · 2024-03-25T01:26:20Z

Lighthouse Score

Desktop

performance: 99
accessibility: 100
best-practices: 100
seo: 92
pwa: 100

Mobile

performance: 76
accessibility: 100
best-practices: 96
seo: 93
pwa: 100

github-actions · 2024-03-25T01:33:51Z

Memlab leaks report

page-load [7.2MB] (baseline) [s1] > action-on-page [8.1MB] (target) [s2] > revert [9.2MB] (final) [s3]  
------2 clusters------

--Similar leaks in this run: 1634--
--Retained size of leaked objects: 175.7KB--
[<synthetic>] (synthetic) @1 [10.4MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @6257 [63.9KB]
  --setTimeout (property)--->  [<closure>] (closure) @48295 [72 bytes]
  --context (internal)--->  [<function scope>] (object) @178303 [20 bytes]
  --previous (internal)--->  [<function scope>] (object) @87329 [30.1KB]
  --n (variable)--->  [t] (closure) @167099 [1.3KB]
  --context (internal)--->  [<function scope>] (object) @172769 [42.5KB]
  --n (variable)--->  [Object] (object) @273363 [42.4KB]
  --9077 (element)--->  [Object] (object) @253631 [24 bytes]
  --exports (property)--->  [r] (closure) @226407 [2.7KB]
  --hasData (property)--->  [<closure>] (closure) @284765 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @226793 [1.5KB]
  --e (variable)--->  [Object] (object) @226795 [1KB]
  --2 (element)--->  [Object] (object) @330545 [76 bytes]
  --aaAutocomplete (property)--->  [d] (object) @352005 [348 bytes]
  --$node (property)--->  [$] (object) @354623 [188 bytes]
  --0 (element)--->  [Detached HTMLSpanElement] (native) @325613 [676 bytes]
  --7 (element)--->  [Detached HTMLDivElement] (native) @325925 [5.6KB]
  --7 (element)--->  [Detached HTMLDivElement] (native) @326237 [444 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @325953 [444 bytes]
  --6 (element)--->  [Detached HTMLAnchorElement] (native) @325687 [2.5KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @325701 [2.5KB]
  --16 (element)--->  [Detached InternalNode] (native) @34634 [336 bytes]
  --2 (element)--->  [Detached InternalNode] (native) @34636 [224 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @34626 [224 bytes]
  --2 (element)--->  [Detached InternalNode] (native) @34628 [112 bytes]
  --1 (element)--->  [Detached EventListener] (native) @38720 [112 bytes]
  --1 (element)--->  [Detached V8EventListener] (native) @39028 [40 bytes]

--Similar leaks in this run: 479--
--Retained size of leaked objects: 49.9KB--
[<synthetic>] (synthetic) @1 [10.4MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @6257 [63.9KB]
  --___replace (property)--->  [<closure>] (closure) @48629 [76 bytes]
  --context (internal)--->  [<function scope>] (object) @167153 [724 bytes]
  --i (variable)--->  [Module] (object) @169289 [6.3KB]
  --get version (property)--->  [version] (closure) @250965 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @136189 [6.5KB]
  --Qn (variable)--->  [y] (object) @405101 [368 bytes]
  --props (property)--->  [Object] (object) @405097 [28 bytes]
  --children (property)--->  [Object] (object) @405023 [296 bytes]
  --props (property)--->  [Object] (object) @421915 [56 bytes]
  --children (property)--->  [Object] (object) @423495 [1.2KB]
  --__ (property)--->  [Object] (object) @430535 [1.1KB]
  --__ (property)--->  [Object] (object) @430545 [940 bytes]
  --__ (property)--->  [Object] (object) @430559 [736 bytes]
  --__d (property)--->  [Detached HTMLDivElement] (native) @326269 [468 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @326267 [384 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @326227 [384 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @325653 [14.9KB]
  --8 (element)--->  [Detached HTMLElement] (native) @325671 [25.4KB]
  --5 (element)--->  [Detached HTMLDivElement] (native) @325669 [22.1KB]
  --6 (element)--->  [Detached Text] (native) @324985 [220 bytes]
  --6 (element)--->  [Detached HTMLImageElement] (native) @324981 [764 bytes]
  --7 (element)--->  [Detached Text] (native) @324977 [220 bytes]
  --6 (element)--->  [Detached HTMLParagraphElement] (native) @324945 [2.5KB]
  --8 (element)--->  [Detached Text] (native) @324941 [220 bytes]
  --6 (element)--->  [Detached HTMLHeadingElement] (native) @324933 [664 bytes]
  --8 (element)--->  [Detached Text] (native) @324929 [220 bytes]
  --6 (element)--->  [Detached HTMLParagraphElement] (native) @324921 [576 bytes]
  --8 (element)--->  [Detached Text] (native) @324917 [220 bytes]
  --6 (element)--->  [Detached HTMLParagraphElement] (native) @324909 [576 bytes]
  --8 (element)--->  [Detached Text] (native) @324905 [220 bytes]
  --6 (element)--->  [Detached HTMLImageElement] (native) @324901 [764 bytes]
  --7 (element)--->  [Detached Text] (native) @324897 [220 bytes]
  --6 (element)--->  [Detached HTMLParagraphElement] (native) @324889 [576 bytes]
  --10 (element)--->  [Detached InternalNode] (native) @28588 [152 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @30264 [96 bytes]
  --2 (element)--->  [Detached NamedNodeMap] (native) @30268 [40 bytes]

github-actions · 2024-03-25T01:34:00Z

Snyk vulnerability report

OSS packages

Tested 1786 dependencies for known issues, found 14 issues, 30 vulnerable paths.

Issues to fix by upgrading:

Upgrade @sentry/profiling-node@0.3.0 to @sentry/profiling-node@1.3.0 to fix
✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6
introduced by gatsby-plugin-offline@5.23.1 > glob@7.2.3 > inflight@1.0.6 and 8 other path(s)

Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0
introduced by gatsby@4.25.7 > gatsby-cli@4.25.0
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0
introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s)

Upgrade gatsby-legacy-polyfills@2.23.0 to gatsby-legacy-polyfills@3.10.0 to fix
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0
introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s)

Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1
introduced by gatsby-transformer-remark@5.25.1
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in sanitize-html@2.10.0
introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.10.0

Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1
introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1
This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1
✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2
introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s)
This issue was fixed in versions: 1.6.0
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2
introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s)
This issue was fixed in versions: 1.6.3
✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2
introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s)
This issue was fixed in versions: 1.6.4
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0
introduced by html-minifier@4.0.0
No upgrade or patch available
✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0
introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0
No upgrade or patch available
✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in serialize-javascript@5.0.1
introduced by gatsby@4.25.7 > css-minimizer-webpack-plugin@2.0.0 > serialize-javascript@5.0.1
This issue was fixed in versions: 6.0.2
✗ Uncontrolled Resource Consumption ('Resource Exhaustion') [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-TAR-6476909] in tar@6.2.0
introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.4.1 > tar@6.2.0 and 1 other path(s)
This issue was fixed in versions: 6.2.1
✗ Path Traversal [High Severity][https://security.snyk.io/vuln/SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555] in webpack-dev-middleware@4.3.0
introduced by gatsby@4.25.7 > webpack-dev-middleware@4.3.0
This issue was fixed in versions: 5.3.4, 6.1.2, 7.1.0

Organization: tubone24
Package manager: yarn
Target file: yarn.lock
Project name: blog
Open source: no
Project path: .
Licenses: enabled

Application

✗ [Medium] Path Traversal
Path: scripts/benchmark.js, line 23
Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files.

✗ [Medium] Path Traversal
Path: scripts/benchmark.js, line 25
Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files.

✗ [Medium] Path Traversal
Path: scripts/benchmark.js, line 41
Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files.

✔ Test completed

Organization: tubone24
Test type: Static code analysis
Project path: .

Summary:

3 Code issues found
3 [Medium]

IaC

Snyk Infrastructure as Code

Snyk testing Infrastructure as Code configuration issues.
✔ Test completed.