Update dependency body-parser to v1.20.3 (main) #10
Security Report
❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
Scan Details Report
general
https://vonagecc.jfrog.io/artifactory
Step | Level | Description | Details |
---|---|---|---|
Checking registry connectivity | ⚠Warn | Unsupported configuration was provided | unsupported host type gradle, skipped |
You have successfully remediated 5 vulnerabilities, but introduced 3 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Exploit Maturity | EPSS | Vulnerable Library | Suggested Fix | Issue | Reachability |
---|---|---|---|---|---|---|---|---|
CVE-2024-43800Path to dependency file: /package.json Path to vulnerable library: /node_modules/serve-static/package.json Dependency Hierarchy: -> express-4.16.3.tgz (Root Library) -> ❌ serve-static-1.13.2.tgz (Vulnerable Library) |
Medium | 5.0 | Not Defined | 0.0% | serve-static-1.13.2.tgz | Upgrade to version: serve-static - 1.16.0,2.1.0 | #4 | |
CVE-2024-43799Path to dependency file: /package.json Path to vulnerable library: /node_modules/send/package.json Dependency Hierarchy: -> express-4.16.3.tgz (Root Library) -> ❌ send-0.16.2.tgz (Vulnerable Library) |
Medium | 5.0 | Not Defined | 0.0% | send-0.16.2.tgz | Upgrade to version: send - 0.19.0 | #4 | |
CVE-2024-43796Path to dependency file: /package.json Path to vulnerable library: /node_modules/express/package.json Dependency Hierarchy: -> ❌ express-4.16.3.tgz (Vulnerable Library) |
Medium | 5.0 | Not Defined | 0.0% | express-4.16.3.tgz | Upgrade to version: express - 4.20.0,5.0.0 | #4 |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2024-45590 | body-parser-1.18.3.tgz |
CVE-2021-3918 | json-schema-0.2.3.tgz |
CVE-2020-15366 | ajv-6.12.2.tgz |
CVE-2022-24999 | qs-6.5.2.tgz |
CVE-2022-25883 | semver-5.7.1.tgz |
Base branch total remaining vulnerabilities: 17
Base branch commit: null
Total libraries scanned: 142
Scan token: 9ea04c626f1f41b1b4cb10070a7027ef