medium severity
- Vulnerable module: got
- Introduced through: update-notifier@5.1.0, term-ng@3.0.4 and others
Detailed paths
- Introduced through: trucolor-cli@thebespokepixel/trucolor-cli#d3f560a005f9c0d71506bf75168202d1c17ae6e6 › update-notifier@5.1.0 › latest-version@5.1.0 › package-json@6.5.0 › got@9.6.0
  Remediation: Upgrade to update-notifier@6.0.0.
- Introduced through: trucolor-cli@thebespokepixel/trucolor-cli#d3f560a005f9c0d71506bf75168202d1c17ae6e6 › term-ng@3.0.4 › update-notifier@5.1.0 › latest-version@5.1.0 › package-json@6.5.0 › got@9.6.0
- Introduced through: trucolor-cli@thebespokepixel/trucolor-cli#d3f560a005f9c0d71506bf75168202d1c17ae6e6 › @thebespokepixel/string@2.0.2 › term-ng@3.0.4 › update-notifier@5.1.0 › latest-version@5.1.0 › package-json@6.5.0 › got@9.6.0
- Introduced through: trucolor-cli@thebespokepixel/trucolor-cli#d3f560a005f9c0d71506bf75168202d1c17ae6e6 › trucolor@4.0.4 › term-ng@3.0.4 › update-notifier@5.1.0 › latest-version@5.1.0 › package-json@6.5.0 › got@9.6.0
- Introduced through: trucolor-cli@thebespokepixel/trucolor-cli#d3f560a005f9c0d71506bf75168202d1c17ae6e6 › verbosity@3.0.3 › term-ng@3.0.4 › update-notifier@5.1.0 › latest-version@5.1.0 › package-json@6.5.0 › got@9.6.0
- Introduced through: trucolor-cli@thebespokepixel/trucolor-cli#d3f560a005f9c0d71506bf75168202d1c17ae6e6 › term-ng@3.0.4 › @thebespokepixel/string@2.0.2 › term-ng@3.0.4 › update-notifier@5.1.0 › latest-version@5.1.0 › package-json@6.5.0 › got@9.6.0
- Introduced through: trucolor-cli@thebespokepixel/trucolor-cli#d3f560a005f9c0d71506bf75168202d1c17ae6e6 › @thebespokepixel/string@2.0.2 › term-ng@3.0.4 › trucolor@4.0.4 › term-ng@3.0.4 › update-notifier@5.1.0 › latest-version@5.1.0 › package-json@6.5.0 › got@9.6.0
- Introduced through: trucolor-cli@thebespokepixel/trucolor-cli#d3f560a005f9c0d71506bf75168202d1c17ae6e6 › trucolor@4.0.4 › term-ng@3.0.4 › @thebespokepixel/string@2.0.2 › term-ng@3.0.4 › update-notifier@5.1.0 › latest-version@5.1.0 › package-json@6.5.0 › got@9.6.0
- Introduced through: trucolor-cli@thebespokepixel/trucolor-cli#d3f560a005f9c0d71506bf75168202d1c17ae6e6 › verbosity@3.0.3 › term-ng@3.0.4 › trucolor@4.0.4 › term-ng@3.0.4 › update-notifier@5.1.0 › latest-version@5.1.0 › package-json@6.5.0 › got@9.6.0
Overview
Affected versions of this package are vulnerable to Open Redirect due to missing verification of requested URLs. It allowed a victim to be redirected to a UNIX socket.
Remediation
Upgrade got to version 11.8.5, 12.1.0 or higher.