Vulnerabilities: 1 via 9 paths
Dependencies: 150
Source: GitHub
Commit: d3f560a0



medium severity

Open Redirect

  • Vulnerable module: got
  • Introduced through: update-notifier@5.1.0, term-ng@3.0.4 and others

Detailed paths

  • Introduced through: trucolor-cli@thebespokepixel/trucolor-cli#d3f560a005f9c0d71506bf75168202d1c17ae6e6 > update-notifier@5.1.0 > latest-version@5.1.0 > package-json@6.5.0 > got@9.6.0
    Remediation: Upgrade to update-notifier@6.0.0.
  • Introduced through: trucolor-cli@thebespokepixel/trucolor-cli#d3f560a005f9c0d71506bf75168202d1c17ae6e6 > term-ng@3.0.4 > update-notifier@5.1.0 > latest-version@5.1.0 > package-json@6.5.0 > got@9.6.0
  • Introduced through: trucolor-cli@thebespokepixel/trucolor-cli#d3f560a005f9c0d71506bf75168202d1c17ae6e6 > @thebespokepixel/string@2.0.2 > term-ng@3.0.4 > update-notifier@5.1.0 > latest-version@5.1.0 > package-json@6.5.0 > got@9.6.0
  • Introduced through: trucolor-cli@thebespokepixel/trucolor-cli#d3f560a005f9c0d71506bf75168202d1c17ae6e6 > trucolor@4.0.4 > term-ng@3.0.4 > update-notifier@5.1.0 > latest-version@5.1.0 > package-json@6.5.0 > got@9.6.0
  • Introduced through: trucolor-cli@thebespokepixel/trucolor-cli#d3f560a005f9c0d71506bf75168202d1c17ae6e6 > verbosity@3.0.3 > term-ng@3.0.4 > update-notifier@5.1.0 > latest-version@5.1.0 > package-json@6.5.0 > got@9.6.0
  • Introduced through: trucolor-cli@thebespokepixel/trucolor-cli#d3f560a005f9c0d71506bf75168202d1c17ae6e6 > term-ng@3.0.4 > @thebespokepixel/string@2.0.2 > term-ng@3.0.4 > update-notifier@5.1.0 > latest-version@5.1.0 > package-json@6.5.0 > got@9.6.0
  • Introduced through: trucolor-cli@thebespokepixel/trucolor-cli#d3f560a005f9c0d71506bf75168202d1c17ae6e6 > @thebespokepixel/string@2.0.2 > term-ng@3.0.4 > trucolor@4.0.4 > term-ng@3.0.4 > update-notifier@5.1.0 > latest-version@5.1.0 > package-json@6.5.0 > got@9.6.0
  • Introduced through: trucolor-cli@thebespokepixel/trucolor-cli#d3f560a005f9c0d71506bf75168202d1c17ae6e6 > trucolor@4.0.4 > term-ng@3.0.4 > @thebespokepixel/string@2.0.2 > term-ng@3.0.4 > update-notifier@5.1.0 > latest-version@5.1.0 > package-json@6.5.0 > got@9.6.0
  • Introduced through: trucolor-cli@thebespokepixel/trucolor-cli#d3f560a005f9c0d71506bf75168202d1c17ae6e6 > verbosity@3.0.3 > term-ng@3.0.4 > trucolor@4.0.4 > term-ng@3.0.4 > update-notifier@5.1.0 > latest-version@5.1.0 > package-json@6.5.0 > got@9.6.0

Overview

Affected versions of this package are vulnerable to Open Redirect because requested URLs are not verified, which allows a victim to be redirected to a UNIX socket.

Remediation

Upgrade got to version 11.8.5, 12.1.0 or higher.
