Vulnerabilities

 1 via 1 paths

Dependencies

 445

Source

 GitHub

Commit

 37277b27

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Issue type
  • 1
  • 13
Severity
  • 14
Status
  • 14
  • 0
  • 0

medium severity
new

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: undici
  • Introduced through: @xhayper/discord-rpc@1.3.0

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @xhayper/discord-rpc@1.3.0 @discordjs/rest@2.6.0 undici@6.21.3

Overview

undici is an An HTTP/1.1 client, written from scratch for Node.js

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the decompression chain. An attacker can cause high CPU usage and excessive memory allocation by sending HTTP responses with a large number of chained compression steps in the Content-Encoding header.

Remediation

Upgrade undici to version 6.23.0, 7.18.2 or higher.

References

Allocation of Resources Without Limits or Throttling vulnerability report

medium severity

MPL-2.0 license

  • Module: @dehoist/romanize-thai
  • Introduced through: @dehoist/romanize-thai@1.0.0

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @dehoist/romanize-thai@1.0.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @ghostery/adblocker
  • Introduced through: @ghostery/adblocker-electron@2.13.4

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @ghostery/adblocker-electron@2.13.4 @ghostery/adblocker@2.13.4

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @ghostery/adblocker-content
  • Introduced through: @ghostery/adblocker-electron-preload@2.13.4 and @ghostery/adblocker-electron@2.13.4

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @ghostery/adblocker-electron-preload@2.13.4 @ghostery/adblocker-content@2.13.4
  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @ghostery/adblocker-electron@2.13.4 @ghostery/adblocker@2.13.4 @ghostery/adblocker-content@2.13.4
  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @ghostery/adblocker-electron@2.13.4 @ghostery/adblocker-electron-preload@2.13.4 @ghostery/adblocker-content@2.13.4

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @ghostery/adblocker-electron
  • Introduced through: @ghostery/adblocker-electron@2.13.4

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @ghostery/adblocker-electron@2.13.4

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @ghostery/adblocker-electron-preload
  • Introduced through: @ghostery/adblocker-electron-preload@2.13.4 and @ghostery/adblocker-electron@2.13.4

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @ghostery/adblocker-electron-preload@2.13.4
  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @ghostery/adblocker-electron@2.13.4 @ghostery/adblocker-electron-preload@2.13.4

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @ghostery/adblocker-extended-selectors
  • Introduced through: @ghostery/adblocker-electron-preload@2.13.4 and @ghostery/adblocker-electron@2.13.4

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @ghostery/adblocker-electron-preload@2.13.4 @ghostery/adblocker-content@2.13.4 @ghostery/adblocker-extended-selectors@2.13.4
  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @ghostery/adblocker-electron@2.13.4 @ghostery/adblocker@2.13.4 @ghostery/adblocker-extended-selectors@2.13.4
  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @ghostery/adblocker-electron@2.13.4 @ghostery/adblocker@2.13.4 @ghostery/adblocker-content@2.13.4 @ghostery/adblocker-extended-selectors@2.13.4
  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @ghostery/adblocker-electron@2.13.4 @ghostery/adblocker-electron-preload@2.13.4 @ghostery/adblocker-content@2.13.4 @ghostery/adblocker-extended-selectors@2.13.4

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @ghostery/url-parser
  • Introduced through: @ghostery/adblocker-electron@2.13.4

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @ghostery/adblocker-electron@2.13.4 @ghostery/adblocker@2.13.4 @ghostery/url-parser@1.3.1

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @remusao/guess-url-type
  • Introduced through: @ghostery/adblocker-electron@2.13.4

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @ghostery/adblocker-electron@2.13.4 @ghostery/adblocker@2.13.4 @remusao/guess-url-type@2.1.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @remusao/small
  • Introduced through: @ghostery/adblocker-electron@2.13.4

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @ghostery/adblocker-electron@2.13.4 @ghostery/adblocker@2.13.4 @remusao/small@2.1.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @remusao/smaz
  • Introduced through: @ghostery/adblocker-electron@2.13.4

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @ghostery/adblocker-electron@2.13.4 @ghostery/adblocker@2.13.4 @remusao/smaz@2.2.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @remusao/smaz-compress
  • Introduced through: @ghostery/adblocker-electron@2.13.4

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @ghostery/adblocker-electron@2.13.4 @ghostery/adblocker@2.13.4 @remusao/smaz@2.2.0 @remusao/smaz-compress@2.2.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @remusao/smaz-decompress
  • Introduced through: @ghostery/adblocker-electron@2.13.4

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @ghostery/adblocker-electron@2.13.4 @ghostery/adblocker@2.13.4 @remusao/smaz@2.2.0 @remusao/smaz-decompress@2.2.0

MPL-2.0 license

MPL-2.0 license vulnerability report

medium severity

MPL-2.0 license

  • Module: @remusao/trie
  • Introduced through: @ghostery/adblocker-electron@2.13.4

Detailed paths

  • Introduced through: youtube-music@th-ch/youtube-music#37277b2764762b9f783da32b2dd892898805683a @ghostery/adblocker-electron@2.13.4 @ghostery/adblocker@2.13.4 @remusao/smaz@2.2.0 @remusao/smaz-compress@2.2.0 @remusao/trie@2.1.0

MPL-2.0 license

MPL-2.0 license vulnerability report