You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to dependency file: Homepages/backend/package.json
Path to vulnerable library: Homepages/backend/node_modules/pac-resolver/package.json
Dependency Hierarchy:
pm2-4.5.0.tgz (Root Library)
agent-1.0.4.tgz
proxy-agent-3.1.1.tgz
pac-proxy-agent-3.0.1.tgz
❌ pac-resolver-3.0.0.tgz (Vulnerable Library)
Found in base branch: development
Vulnerability Details
This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer.
CVE-2021-23406 - High Severity Vulnerability
Vulnerable Library - pac-resolver-3.0.0.tgz
Generates an asynchronous resolver function from a PAC file
Library home page: https://registry.npmjs.org/pac-resolver/-/pac-resolver-3.0.0.tgz
Path to dependency file: Homepages/backend/package.json
Path to vulnerable library: Homepages/backend/node_modules/pac-resolver/package.json
Dependency Hierarchy:
Found in base branch: development
Vulnerability Details
This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer.
Publish Date: 2021-08-24
URL: CVE-2021-23406
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23406
Release Date: 2021-08-24
Fix Resolution: degenerator - 3.0.1
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: