| Vulnerabilities | 1 via 9 paths |
|---|---|
| Dependencies | 159 |
| Source | GitHub |
medium severity
- Vulnerable module: got
- Introduced through: update-notifier@5.1.0, term-ng@3.0.4 and others
Detailed paths
- Introduced through: truwrap-cli@thebespokepixel/truwrap-cli › update-notifier@5.1.0 › latest-version@5.1.0 › package-json@6.5.0 › got@9.6.0
  Remediation: Upgrade to update-notifier@6.0.0.
- Introduced through: truwrap-cli@thebespokepixel/truwrap-cli › term-ng@3.0.4 › update-notifier@5.1.0 › latest-version@5.1.0 › package-json@6.5.0 › got@9.6.0
- Introduced through: truwrap-cli@thebespokepixel/truwrap-cli › @thebespokepixel/string@2.0.2 › term-ng@3.0.4 › update-notifier@5.1.0 › latest-version@5.1.0 › package-json@6.5.0 › got@9.6.0
- Introduced through: truwrap-cli@thebespokepixel/truwrap-cli › trucolor@4.0.4 › term-ng@3.0.4 › update-notifier@5.1.0 › latest-version@5.1.0 › package-json@6.5.0 › got@9.6.0
- Introduced through: truwrap-cli@thebespokepixel/truwrap-cli › verbosity@3.0.3 › term-ng@3.0.4 › update-notifier@5.1.0 › latest-version@5.1.0 › package-json@6.5.0 › got@9.6.0
- Introduced through: truwrap-cli@thebespokepixel/truwrap-cli › term-ng@3.0.4 › @thebespokepixel/string@2.0.2 › term-ng@3.0.4 › update-notifier@5.1.0 › latest-version@5.1.0 › package-json@6.5.0 › got@9.6.0
- Introduced through: truwrap-cli@thebespokepixel/truwrap-cli › @thebespokepixel/string@2.0.2 › term-ng@3.0.4 › trucolor@4.0.4 › term-ng@3.0.4 › update-notifier@5.1.0 › latest-version@5.1.0 › package-json@6.5.0 › got@9.6.0
- Introduced through: truwrap-cli@thebespokepixel/truwrap-cli › trucolor@4.0.4 › term-ng@3.0.4 › @thebespokepixel/string@2.0.2 › term-ng@3.0.4 › update-notifier@5.1.0 › latest-version@5.1.0 › package-json@6.5.0 › got@9.6.0
- Introduced through: truwrap-cli@thebespokepixel/truwrap-cli › verbosity@3.0.3 › term-ng@3.0.4 › trucolor@4.0.4 › term-ng@3.0.4 › update-notifier@5.1.0 › latest-version@5.1.0 › package-json@6.5.0 › got@9.6.0
Overview
Affected versions of this package are vulnerable to Open Redirect due to missing verification of requested URLs, which allows a victim to be redirected to a UNIX socket.
Remediation
Upgrade got to version 11.8.5, 12.1.0 or higher.