@webgtx
Created September 5, 2022 07:52

Security Report

for webgtx/webgtx.io repository

3rd-party outdated library vulnerabilities ☠️


Prototype Pollution in lodash 🔐

CVSS Metrics

Weakness   Attack vector   Integrity
CWE-20     Network         High

Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects.

Vulnerable Version
"dependencies": {
  "lodash": ">=4.17.21"
}
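
The mechanism described above, as an added example that is not lodash's code and not part of the original report: a minimal recursive defaults merge run against a constructed object of the `{constructor: {prototype: {...}}}` shape, first without and then with a key filter. The helper names `naiveDefaultsDeep`, `safeDefaultsDeep` and `pollutes` are hypothetical.

```javascript
// Added illustration: hypothetical helpers, not lodash's implementation.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isObject = (v) => v !== null && (typeof v === 'object' || typeof v === 'function');
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Unfiltered merge: target[key] may resolve to an inherited property such as
// `constructor`, so the recursion can walk from a plain object to Object.prototype.
function naiveDefaultsDeep(target, source) {
  for (const key of Object.keys(source)) {
    const src = source[key];
    if (isObject(src) && isObject(target[key])) naiveDefaultsDeep(target[key], src);
    else if (target[key] === undefined) target[key] = src;
  }
  return target;
}

// Filtered merge: skips prototype-related keys and recurses only into
// properties the target owns itself.
function safeDefaultsDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const src = source[key];
    if (!hasOwn(target, key) || target[key] === undefined) target[key] = src;
    else if (isObject(src) && isObject(target[key])) safeDefaultsDeep(target[key], src);
  }
  return target;
}

// Runs one merge on constructed input and reports whether an unrelated,
// freshly created object picked up the property. Cleans up afterwards.
function pollutes(mergeFn) {
  const input = JSON.parse('{"constructor":{"prototype":{"polluted":true}}}'); // constructed sample
  mergeFn({}, input);
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted;
  return leaked;
}

console.log('unfiltered merge pollutes Object.prototype:', pollutes(naiveDefaultsDeep));
console.log('filtered merge pollutes Object.prototype:', pollutes(safeDefaultsDeep));
```
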

Server-Side Request Forgery in Axios 🛰️

CVSS Metrics

Weakness
CWE-918

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Vulnerable version
"dependencies": {
  "axios": ">=0.21.2"
}