parser-4.8.1.tgz: 1 vulnerabilities (highest severity is: 9.8) [master]

[mend-developer-platform-dev]

📂 Vulnerable Library - parser-4.8.1.tgz

An ESLint custom parser which leverages TypeScript ESTree

Findings

Finding	Severity	🎯 CVSS	Exploit Maturity	EPSS	Library	Type	Fixed in	Remediation Available	Reachability
CVE-121740-819191	🟣 Critical	9.8	N/A	N/A	lodash-4.17.21.tgz	Transitive	N/A	❌

Details

🟣CVE-121740-819191

Vulnerable Library - lodash-4.17.21.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz

Dependency Hierarchy:

• workbox-webpack-plugin-6.5.3.tgz (Root Library)

  • workbox-build-6.5.3.tgz
    • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• babel-preset-react-app-10.0.0.tgz (Root Library)

  • preset-env-7.12.1.tgz
    • preset-modules-0.1.4.tgz
      • types-7.13.0.tgz
        • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• optimize-css-assets-webpack-plugin-6.0.1.tgz (Root Library)

  • last-call-webpack-plugin-3.0.0.tgz
    • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• babel-eslint-10.1.0.tgz (Root Library)

  • traverse-7.13.0.tgz
    • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• jest-26.6.0.tgz (Root Library)

  • core-26.6.3.tgz
    • jest-config-26.6.3.tgz
      • jest-environment-jsdom-26.6.2.tgz
        • jsdom-16.5.1.tgz
          • request-promise-native-1.0.9.tgz
            • request-promise-core-1.1.4.tgz
              • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• styled-components-5.2.1.tgz (Root Library)

  • babel-plugin-styled-components-1.12.0.tgz
    • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• jest-dom-5.11.9.tgz (Root Library)

  • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• html-webpack-plugin-4.5.0.tgz (Root Library)

  • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• jest-circus-26.6.0.tgz (Root Library)

  • traverse-7.13.0.tgz
    • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• eslint-plugin-flowtype-5.2.0.tgz (Root Library)

  • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• eslint-plugin-testing-library-3.10.1.tgz (Root Library)

  • experimental-utils-3.10.1.tgz
    • typescript-estree-3.10.1.tgz
      • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• jest-dom-5.11.6.tgz (Root Library)

  • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• eslint-7.22.0.tgz (Root Library)

  • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• eslint-plugin-4.17.0.tgz (Root Library)

  • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• eslint-plugin-flowtype-5.3.1.tgz (Root Library)

  • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• core-7.12.3.tgz (Root Library)

  • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• react-graph-vis-1.0.7.tgz (Root Library)

  • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• parser-4.8.1.tgz (Root Library)

  • typescript-estree-4.8.1.tgz
    • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• eslint-7.14.0.tgz (Root Library)

  • eslintrc-0.2.1.tgz
    • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• webpack-manifest-plugin-2.2.0.tgz (Root Library)

  • ❌ lodash-4.17.21.tgz (Vulnerable Library)

• babel-jest-26.6.3.tgz (Root Library)

  • babel-preset-jest-26.6.2.tgz
    • babel-plugin-jest-hoist-26.6.2.tgz
      • types-7.13.0.tgz
        • ❌ lodash-4.17.21.tgz (Vulnerable Library)

---

Vulnerability Details

Created automatically by the test suite

Publish Date: Jun 07, 2010 05:12 PM

URL: CVE-121740-819191

Threat Assessment

Exploit Maturity:N/A

EPSS:N/A

Score: 9.8

---

Suggested Fix

Type: Upgrade version

Origin:

Release Date:

Fix Resolution :