Contrib.social

Security audit to shows issues into package.json packages

Open on Drupal.org →
Created on 28 May 2024, 5 months ago

inflight Missing Release of Resource after Effective Lifetime
VULNERABILITY
CWE-772OPEN THIS LINK IN A NEW TAB
CVSS 6.2OPEN THIS LINK IN A NEW TAB MEDIUM
SNYK-JS-INFLIGHT-6095116OPEN THIS LINK IN A NEW TAB
SCORE
631
Introduced through
@ckeditor/ckeditor5-dev-utils@30.5.0
Exploit maturity
PROOF OF CONCEPT
Show less detail
Detailed paths
Introduced through: drupal-linkit@5.0.0 › @ckeditor/ckeditor5-dev-utils@30.5.0 › shelljs@0.8.5 › glob@7.2.3 › inflight@1.0.6
Fix: No remediation path available.
Introduced through: drupal-linkit@5.0.0 › @ckeditor/ckeditor5-dev-utils@30.5.0 › @ckeditor/ckeditor5-dev-webpack-plugin@30.5.0 › rimraf@3.0.2 › glob@7.2.3 › inflight@1.0.6
Fix: Upgrade to @ckeditor/ckeditor5-dev-utils@32.0.0
Introduced through: drupal-linkit@5.0.0 › @ckeditor/ckeditor5-dev-utils@30.5.0 › del@5.1.0 › rimraf@3.0.2 › glob@7.2.3 › inflight@1.0.6
Fix: No remediation path available.

---------------

serialize-javascript Cross-site Scripting (XSS)
VULNERABILITY
CWE-79OPEN THIS LINK IN A NEW TAB
CVSS 6.1OPEN THIS LINK IN A NEW TAB MEDIUM
SNYK-JS-SERIALIZEJAVASCRIPT-6147607OPEN THIS LINK IN A NEW TAB
SCORE
109
Introduced through
@ckeditor/ckeditor5-dev-utils@30.5.0
Fixed in
serialize-javascript@6.0.2

🐛 Bug report
Status

Active

Version

6.0

Component

Code

Created by

🇮🇳India vipul tulse

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024