  • Vulnerabilities: 1 via 1 paths
  • Dependencies: 290
  • Source: GitHub
  • Commit: 7ea2744d


medium severity

Open Redirect

  • Vulnerable module: got
  • Introduced through: ava@3.15.0

Detailed paths

  • Introduced through: @kronos-integration/test-step@Kronos-Integration/test-step#7ea2744d28d324cbf5d797a0ff178b9d08bf36e4 > ava@3.15.0 > update-notifier@5.1.0 > latest-version@5.1.0 > package-json@6.5.0 > got@9.6.0
    Remediation: Upgrade to ava@4.0.0.

Overview

Affected versions of this package are vulnerable to Open Redirect due to missing verification of requested URLs. This allows a victim to be redirected to a UNIX socket.

Remediation

Upgrade got to version 11.8.5, 12.1.0 or higher.
