Vulnerabilities	1 via 1 paths
Dependencies	48
Source	GitHub
Commit	33399805

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications

Issue type

Vulnerabilities
1
License issues
9

Severity

Critical
High
9
Medium
1
Low

Status

Open
10
Patched
0
Ignored
0

high severity

AGPL-3.0 license

Module: @magic/cases
Introduced through: @magic/cases@0.0.5, @magic/cli@0.0.34 and others

Detailed paths

Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/cases@0.0.5
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/cli@0.0.34 › @magic/cases@0.0.5
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/css@0.7.38 › @magic/cases@0.0.5

AGPL-3.0 license

AGPL-3.0 license vulnerability report

high severity

AGPL-3.0 license

Module: @magic/cli
Introduced through: @magic/cli@0.0.34

Detailed paths

Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/cli@0.0.34

AGPL-3.0 license

AGPL-3.0 license vulnerability report

high severity

AGPL-3.0 license

Module: @magic/css
Introduced through: @magic/css@0.7.38

Detailed paths

Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/css@0.7.38

AGPL-3.0 license

AGPL-3.0 license vulnerability report

high severity

AGPL-3.0 license

Module: @magic/deep
Introduced through: @magic/deep@0.1.7, @magic/fs@0.0.15 and others

Detailed paths

Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/deep@0.1.7
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/fs@0.0.15 › @magic/deep@0.1.7
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/css@0.7.38 › @magic/deep@0.1.7
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/css@0.7.38 › @magic/fs@0.0.15 › @magic/deep@0.1.7

…and 1 more

AGPL-3.0 license

AGPL-3.0 license vulnerability report

high severity

AGPL-3.0 license

Module: @magic/error
Introduced through: @magic/fs@0.0.15 and @magic/css@0.7.38

Detailed paths

Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/fs@0.0.15 › @magic/error@0.0.10
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/css@0.7.38 › @magic/fs@0.0.15 › @magic/error@0.0.10

AGPL-3.0 license

AGPL-3.0 license vulnerability report

high severity

AGPL-3.0 license

Module: @magic/fs
Introduced through: @magic/fs@0.0.15 and @magic/css@0.7.38

Detailed paths

Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/fs@0.0.15
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/css@0.7.38 › @magic/fs@0.0.15

AGPL-3.0 license

AGPL-3.0 license vulnerability report

high severity

AGPL-3.0 license

Module: @magic/log
Introduced through: @magic/log@0.1.10, @magic/cli@0.0.34 and others

Detailed paths

Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/log@0.1.10
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/cli@0.0.34 › @magic/log@0.1.10
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/css@0.7.38 › @magic/log@0.1.10

AGPL-3.0 license

AGPL-3.0 license vulnerability report

high severity

AGPL-3.0 license

Module: @magic/mime-types
Introduced through: @magic/fs@0.0.15 and @magic/css@0.7.38

Detailed paths

Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/fs@0.0.15 › @magic/mime-types@0.0.10
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/css@0.7.38 › @magic/fs@0.0.15 › @magic/mime-types@0.0.10

AGPL-3.0 license

AGPL-3.0 license vulnerability report

high severity

AGPL-3.0 license

Module: @magic/types
Introduced through: @magic/types@0.1.16, @magic/log@0.1.10 and others

Detailed paths

Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/types@0.1.16
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/log@0.1.10 › @magic/types@0.1.16
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/cli@0.0.34 › @magic/types@0.1.16
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/deep@0.1.7 › @magic/types@0.1.16
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/fs@0.0.15 › @magic/types@0.1.16
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/css@0.7.38 › @magic/types@0.1.16
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/cli@0.0.34 › @magic/log@0.1.10 › @magic/types@0.1.16
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/css@0.7.38 › @magic/log@0.1.10 › @magic/types@0.1.16
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/fs@0.0.15 › @magic/deep@0.1.7 › @magic/types@0.1.16
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/css@0.7.38 › @magic/deep@0.1.7 › @magic/types@0.1.16
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/fs@0.0.15 › @magic/error@0.0.10 › @magic/types@0.1.16
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/css@0.7.38 › @magic/fs@0.0.15 › @magic/types@0.1.16
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/css@0.7.38 › @magic/fs@0.0.15 › @magic/deep@0.1.7 › @magic/types@0.1.16
Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/css@0.7.38 › @magic/fs@0.0.15 › @magic/error@0.0.10 › @magic/types@0.1.16

…and 11 more

AGPL-3.0 license

AGPL-3.0 license vulnerability report

medium severity

Improper Input Validation

Vulnerable module: postcss
Introduced through: @magic/css@0.7.38

Detailed paths

Introduced through: @magic/glyphs@magic/glyphs#3339980574daee300a5a85edf61c380b10c8419e › @magic/css@0.7.38 › postcss@8.3.6

Remediation: Upgrade to @magic/css@0.7.55.

Overview

postcss is a PostCSS is a tool for transforming styles with JS plugins.

Affected versions of this package are vulnerable to Improper Input Validation when parsing external Cascading Style Sheets (CSS) with linters using PostCSS. An attacker can cause discrepancies by injecting malicious CSS rules, such as @font-face{ font:(\r/*);}. This vulnerability is because of an insecure regular expression usage in the RE_BAD_BRACKET variable.

Remediation

Upgrade postcss to version 8.4.31 or higher.

References

Improper Input Validation vulnerability report

Vulnerabilities

Dependencies

Source

Commit

Find, fix and prevent vulnerabilities in your code.

high severity

AGPL-3.0 license

Detailed paths

high severity

AGPL-3.0 license

Detailed paths

high severity

AGPL-3.0 license

Detailed paths

high severity

AGPL-3.0 license

Detailed paths

high severity

AGPL-3.0 license

Detailed paths

high severity

AGPL-3.0 license

Detailed paths

high severity

AGPL-3.0 license

Detailed paths

high severity

AGPL-3.0 license

Detailed paths

high severity

AGPL-3.0 license

Detailed paths

medium severity

Improper Input Validation

Detailed paths

Overview

Remediation

References