Merge pull request #1 from billmcchesney1/whitesource/configure

Mend for github.com / WhiteSource Security Check failed Jun 16, 2024 in 8m 19s

Security Report

The Security Check found 13 vulnerabilities.

CVE-2023-3696
Severity: Critical
CVSS Score: 9.8
Vulnerable Library: mongoose-5.7.5.tgz
Suggested Fix: Upgrade to version: mongoose - 6.11.3,7.3.4
Issue: #175
Path to dependency file: /examples/rest/package.json
Path to vulnerable library: /examples/rest/package.json,/examples/graphql/package.json
Dependency Hierarchy:
-> ❌ mongoose-5.7.5.tgz (Vulnerable Library)

CVE-2022-2564
Severity: Critical
CVSS Score: 9.8
Vulnerable Library: mongoose-5.7.5.tgz
Suggested Fix: Upgrade to version: mongoose - 6.4.6
Issue: #169
Path to dependency file: /examples/rest/package.json
Path to vulnerable library: /examples/rest/package.json,/examples/graphql/package.json
Dependency Hierarchy:
-> ❌ mongoose-5.7.5.tgz (Vulnerable Library)

CVE-2021-23438
Severity: Critical
CVSS Score: 9.8
Vulnerable Library: mpath-0.6.0.tgz
Suggested Fix: Upgrade to version: mpath - 0.8.4
Issue: #168
Path to dependency file: /examples/rest/package.json
Path to vulnerable library: /examples/rest/package.json,/examples/graphql/package.json
Dependency Hierarchy:
-> mongoose-5.7.5.tgz (Root Library)
   -> ❌ mpath-0.6.0.tgz (Vulnerable Library)

CVE-2022-25883
Severity: High
CVSS Score: 7.5
Vulnerable Library: semver-5.7.1.tgz
Suggested Fix: Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2
Issue: #174
Path to dependency file: /examples/graphql/package.json
Path to vulnerable library: /examples/graphql/package.json,/examples/rest/package.json
Dependency Hierarchy:
-> mongoose-5.7.5.tgz (Root Library)
   -> mongodb-3.3.2.tgz
     -> require_optional-1.0.1.tgz
       -> ❌ semver-5.7.1.tgz (Vulnerable Library)

CVE-2022-24999
Severity: High
CVSS Score: 7.5
Vulnerable Library: qs-6.5.2.tgz
Suggested Fix: Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3
Issue: #170
Path to dependency file: /examples/graphql/package.json
Path to vulnerable library: /examples/graphql/package.json,/examples/rest/package.json
Dependency Hierarchy:
-> express-4.16.4.tgz (Root Library)
   -> ❌ qs-6.5.2.tgz (Vulnerable Library)

CVE-2021-23337
Severity: High
CVSS Score: 7.2
Vulnerable Library: lodash-4.17.19.tgz
Suggested Fix: Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21
Issue: #38
Path to dependency file: /packages/mongoose/package.json
Path to vulnerable library: /packages/mongoose/package.json,/examples/rest/package.json,/packages/core/node_modules/lodash/package.json,/examples/graphql/package.json,/packages/graphql/node_modules/lodash/package.json
Dependency Hierarchy:
-> ❌ lodash-4.17.19.tgz (Vulnerable Library)

CVE-2024-29041
Severity: Medium
CVSS Score: 6.1
Vulnerable Library: express-4.16.4.tgz
Suggested Fix: Upgrade to version: express - 4.19.0
Issue: #167
Path to dependency file: /examples/rest/package.json
Path to vulnerable library: /examples/rest/package.json,/examples/graphql/package.json
Dependency Hierarchy:
-> ❌ express-4.16.4.tgz (Vulnerable Library)

CVE-2021-46708
Severity: Medium
CVSS Score: 6.1
Vulnerable Library: swagger-ui-dist-3.35.1.tgz
Suggested Fix: Upgrade to version: swagger-ui-dist - 4.1.3
Issue: #172
Path to dependency file: /examples/rest/package.json
Path to vulnerable library: /examples/rest/package.json,/packages/core/node_modules/swagger-ui-dist/package.json
Dependency Hierarchy:
-> ❌ swagger-ui-dist-3.35.1.tgz (Vulnerable Library)

CVE-2020-15366
Severity: Medium
CVSS Score: 5.6
Vulnerable Library: ajv-6.2.1.tgz
Suggested Fix: Upgrade to version: ajv - 6.12.3
Issue: #27
Path to dependency file: /packages/core/package.json
Path to vulnerable library: /packages/core/node_modules/ajv/package.json
Dependency Hierarchy:
-> ❌ ajv-6.2.1.tgz (Vulnerable Library)

CVE-2020-35149
Severity: Medium
CVSS Score: 5.3
Vulnerable Library: mquery-3.2.2.tgz
Suggested Fix: Upgrade to version: 3.2.3
Issue: #12
Path to dependency file: /examples/rest/package.json
Path to vulnerable library: /examples/rest/package.json,/examples/graphql/package.json
Dependency Hierarchy:
-> mongoose-5.7.5.tgz (Root Library)
   -> ❌ mquery-3.2.2.tgz (Vulnerable Library)

CVE-2020-28500
Severity: Medium
CVSS Score: 5.3
Vulnerable Library: lodash-4.17.19.tgz
Suggested Fix: Upgrade to version: lodash - 4.17.21
Issue: #37
Path to dependency file: /packages/mongoose/package.json
Path to vulnerable library: /packages/mongoose/package.json,/examples/rest/package.json,/packages/core/node_modules/lodash/package.json,/examples/graphql/package.json,/packages/graphql/node_modules/lodash/package.json
Dependency Hierarchy:
-> ❌ lodash-4.17.19.tgz (Vulnerable Library)

CVE-2018-25031
Severity: Medium
CVSS Score: 4.3
Vulnerable Library: swagger-ui-dist-3.35.1.tgz
Suggested Fix: Upgrade to version: swagger-ui - 4.1.3;swagger-ui-dist - 4.1.3
Issue: #171
Path to dependency file: /examples/rest/package.json
Path to vulnerable library: /examples/rest/package.json,/packages/core/node_modules/swagger-ui-dist/package.json
Dependency Hierarchy:
-> ❌ swagger-ui-dist-3.35.1.tgz (Vulnerable Library)

CVE-2017-16137
Severity: Low
CVSS Score: 3.7
Vulnerable Library: debug-4.2.0.tgz
Suggested Fix: Upgrade to version: debug - 2.6.9,3.1.0,3.2.7,4.3.1
Issue: #173
Path to dependency file: /packages/core/package.json
Path to vulnerable library: /packages/core/node_modules/debug/package.json,/packages/mongoose/package.json,/packages/graphql/node_modules/debug/package.json,/examples/graphql/package.json,/examples/rest/package.json
Dependency Hierarchy:
-> ❌ debug-4.2.0.tgz (Vulnerable Library)

Total libraries scanned: 117
Scan token: 3027cd6d5f02f4d00990c6d6b766b1f4d1718560800004_8