- Vulnerable module: shelljs
- Introduced through: email@example.com and firstname.lastname@example.org
- Introduced through: mean@linnovate/mean#3c59ef573cad4bf99a08d31e57e003d2448366e6 › email@example.com
- Introduced through: mean@linnovate/mean#3c59ef573cad4bf99a08d31e57e003d2448366e6 › firstname.lastname@example.org › email@example.com
shelljs provides portable Unix shell commands for Node.js.
It is possible to invoke commands through shell.exec() from external sources, allowing an attacker to inject arbitrary commands.
There is no fix version for
Regular Expression Denial of Service
Vulnerability patched for: firstname.lastname@example.org.
- Vulnerable module: uglify-js
- Introduced through: email@example.com
- Introduced through: mean@linnovate/mean#3c59ef573cad4bf99a08d31e57e003d2448366e6 › firstname.lastname@example.org › email@example.com › firstname.lastname@example.org
The parse() function in the uglify-js package prior to version 2.6.0 is vulnerable to regular expression denial of service (ReDoS) attacks when long inputs of certain patterns are processed.
"The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). An attacker can then cause a program using a Regular Expression to enter these extreme situations and then hang for a very long time." 1
Upgrade to version 2.6.0 or greater.
If a direct dependency update is not possible, use snyk wizard to patch this vulnerability.