Vulnerabilities

 1 via 2 paths

Dependencies

 248

Source

 GitHub

Commit

 ad5966a2

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity

Open Redirect

  • Vulnerable module: got
  • Introduced through: gh-got@9.0.0 and update-notifier@5.1.0

Detailed paths

  • Introduced through: npm-modules-sync@riyadhalnur/npm-modules-sync#ad5966a292c1fdeab7b4925404bf5defff861713 gh-got@9.0.0 got@10.7.0
    Remediation: Upgrade to gh-got@10.0.0.
  • Introduced through: npm-modules-sync@riyadhalnur/npm-modules-sync#ad5966a292c1fdeab7b4925404bf5defff861713 update-notifier@5.1.0 latest-version@5.1.0 package-json@6.5.0 got@9.6.0
    Remediation: Upgrade to update-notifier@6.0.0.

Overview

Affected versions of this package are vulnerable to Open Redirect due to missing verification of requested URLs. It allowed a victim to be redirected to a UNIX socket.

Remediation

Upgrade got to version 11.8.5, 12.1.0 or higher.

References

Open Redirect vulnerability report