Vulnerabilities

 2 via 2 paths

Dependencies

 132

Source

 GitHub

Commit

 dd135bb2

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 2
Status
  • 2
  • 0
  • 0

medium severity

Resource Exhaustion

  • Vulnerable module: next
  • Introduced through: next@13.2.4

Detailed paths

  • Introduced through: @shaes-farm/mui-mas@shaes-farm/mui-mas#dd135bb29099f6cd8a05134c25ceff515dce0001 next@13.2.4
    Remediation: Upgrade to next@13.5.0.

Overview

next is a react framework.

Affected versions of this package are vulnerable to Resource Exhaustion via the cache-control header. An attacker can cause a denial of service to all users requesting the same URL via a CDN by caching empty prefetch responses.

Remediation

Upgrade next to version 13.4.20-canary.13 or higher.

References

Resource Exhaustion vulnerability report

medium severity

Improper Input Validation

  • Vulnerable module: postcss
  • Introduced through: next@13.2.4

Detailed paths

  • Introduced through: @shaes-farm/mui-mas@shaes-farm/mui-mas#dd135bb29099f6cd8a05134c25ceff515dce0001 next@13.2.4 postcss@8.4.14
    Remediation: Upgrade to next@13.5.4.

Overview

postcss is a PostCSS is a tool for transforming styles with JS plugins.

Affected versions of this package are vulnerable to Improper Input Validation when parsing external Cascading Style Sheets (CSS) with linters using PostCSS. An attacker can cause discrepancies by injecting malicious CSS rules, such as @font-face{ font:(\r/*);}. This vulnerability is because of an insecure regular expression usage in the RE_BAD_BRACKET variable.

Remediation

Upgrade postcss to version 8.4.31 or higher.

References

Improper Input Validation vulnerability report