Snyk Package Analysis - Package Vulnerabilities #1069

dev-script · 2024-02-23T09:37:04Z

Introduced through: express-gateway@1.16.11

High Severity

Fixed In: ejs@3.1.7 (Remote Code Execution (RCE))
Fixed in: pac-resolver@5.0.0 (Remote Code Execution (RCE))
Fixed in: ansi-regex@3.0.1, @4.1.1, @5.0.1, @6.0.1 (Regular Expression Denial of Service (ReDoS))
Fixed in: axios@1.6.4 (Prototype Pollution)
Fixed in: unset-value@2.0.1 (Prototype Pollution)

Medium Severity

Fixed in: express-gateway@1.16.11 › yeoman-environment@2.10.3 › globby@8.0.2 › glob@7.2.3 › inflight@1.0.6 (Missing Release of Resource after Effective Lifetime)
Fixed in: glob-parent@5.1.2 (Regular Expression Denial of Service (ReDoS))
Fixed in: jsonwebtoken@9.0.0 (Use of a Broken or Risky Cryptographic Algorithm)
Fixed in: got@11.8.5, @12.1.0 (Open Redirect)
Fixed in: redis@3.1.1 (Regular Expression Denial of Service (ReDoS))
Fixed in : passport@0.6.0 (Session Fixation)